VirtualBox

source: vbox/trunk/src/libs/openssl-3.1.7/test/evp_extra_test.c@ 106683

Last change on this file since 106683 was 105949, checked in by vboxsync, 5 months ago

openssl-3.1.7: Applied and adjusted our OpenSSL changes to 3.1.7. bugref:10757
File size: 182.5 KB
Line 
1/*
2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10/* We need to use some deprecated APIs */
11#define OPENSSL_SUPPRESS_DEPRECATED
12
13#include <stdio.h>
14#include <stdlib.h>
15#include <string.h>
16#include <openssl/bio.h>
17#include <openssl/conf.h>
18#include <openssl/crypto.h>
19#include <openssl/err.h>
20#include <openssl/evp.h>
21#include <openssl/x509.h>
22#include <openssl/pem.h>
23#include <openssl/kdf.h>
24#include <openssl/provider.h>
25#include <openssl/core_names.h>
26#include <openssl/params.h>
27#include <openssl/param_build.h>
28#include <openssl/dsa.h>
29#include <openssl/dh.h>
30#include <openssl/aes.h>
31#include <openssl/decoder.h>
32#include <openssl/rsa.h>
33#include <openssl/engine.h>
34#include <openssl/proverr.h>
35#include "testutil.h"
36#include "internal/nelem.h"
37#include "internal/sizes.h"
38#include "crypto/evp.h"
39
40#ifdef STATIC_LEGACY
41OSSL_provider_init_fn ossl_legacy_provider_init;
42#endif
43
44static OSSL_LIB_CTX *testctx = NULL;
45static char *testpropq = NULL;
46
47static OSSL_PROVIDER *nullprov = NULL;
48static OSSL_PROVIDER *deflprov = NULL;
49static OSSL_PROVIDER *lgcyprov = NULL;
50
51/*
52 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
53 * should never use this key anywhere but in an example.
54 */
55static const unsigned char kExampleRSAKeyDER[] = {
56 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
57 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
58 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
59 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
60 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
61 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
62 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
63 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
64 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
65 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
66 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
67 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
68 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
69 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
70 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
71 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
72 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
73 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
74 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
75 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
76 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
77 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
78 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
79 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
80 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
81 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
82 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
83 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
84 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
85 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
86 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
87 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
88 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
89 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
90 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
91 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
92 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
93 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
94 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
95 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
96 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
97 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
98 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
99 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
100 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
101 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
102 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
103 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
104 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
105 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
106 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
107};
108
109/*
110* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
111 * should never use this key anywhere but in an example.
112 */
113#ifndef OPENSSL_NO_DSA
114static const unsigned char kExampleDSAKeyDER[] = {
115 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
116 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
117 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
118 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
119 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
120 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
121 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
122 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
123 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
124 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
125 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
126 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
127 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
128 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
129 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
130 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
131 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
132 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
133 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
134 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
135 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
136 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
137 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
138 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
139 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
140 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
141 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
142 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
143 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
144 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
145 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
146 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
147 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
148 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
149 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
150 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
151 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 0x40, 0x48
153};
154#endif
155
156/*
157 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
158 * components are not correct.
159 */
160static const unsigned char kExampleBadRSAKeyDER[] = {
161 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
162 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
163 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
164 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
165 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
166 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
167 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
168 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
169 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
170 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
171 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
172 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
173 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
174 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
175 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
176 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
177 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
178 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
179 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
180 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
181 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
182 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
183 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
184 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
185 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
186 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
187 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
188 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
189 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
190 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
191 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
192 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
193 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
194 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
195 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
196 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
197 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
198 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
199 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
200 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
201 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
202 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
203 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
204 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
205 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
206 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
207 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
208 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
209 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
210 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
211 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
212 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
213 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
214 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
215 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
216 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
217 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
218 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
219 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
220 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
221 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
222 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
223 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
224 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
225 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
226 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
227 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
228 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
229 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
230 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
231 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
232 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
233 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
234 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
235 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
236 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
237 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
238 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
239 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
240 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
241 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
242 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
243 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
244 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
245 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
246 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
247 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
248 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
249 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
250};
251
252/*
253 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
254 * values are 0.
255 */
256static const unsigned char kExampleBad2RSAKeyDER[] = {
257 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
258 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
259 0x01, 0x00, 0x02, 0x01, 0x00
260};
261
262static const unsigned char kMsg[] = { 1, 2, 3, 4 };
263
264static const unsigned char kSignature[] = {
265 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
266 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
267 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
268 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
269 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
270 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
271 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
272 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
273 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
274 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
275 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
276};
277
278/*
279 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
280 * PrivateKeyInfo.
281 */
282static const unsigned char kExampleRSAKeyPKCS8[] = {
283 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
284 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
285 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
286 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
287 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
288 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
289 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
290 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
291 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
292 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
293 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
294 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
295 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
296 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
297 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
298 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
299 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
300 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
301 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
302 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
303 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
304 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
305 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
306 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
307 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
308 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
309 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
310 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
311 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
312 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
313 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
314 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
315 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
316 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
317 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
318 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
319 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
320 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
321 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
322 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
323 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
324 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
325 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
326 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
327 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
328 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
329 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
330 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
331 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
332 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
333 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
334 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
335 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
336};
337
338#ifndef OPENSSL_NO_EC
339/*
340 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
341 * structure.
342 */
343static const unsigned char kExampleECKeyDER[] = {
344 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
345 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
346 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
347 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
348 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
349 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
350 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
351 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
352 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
353 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
354 0xc1,
355};
356
357/*
358 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
359 * structure. The private key is equal to the order and will fail to import
360 */
361static const unsigned char kExampleBadECKeyDER[] = {
362 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
363 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
364 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
365 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
366 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
367 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
368 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
369 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
370 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
371};
372
373/* prime256v1 */
374static const unsigned char kExampleECPubKeyDER[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383};
384
385/*
386 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
387 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
388 */
389static const unsigned char kExampleBadECPubKeyDER[] = {
390 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
391 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
392 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
393 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
394 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
395 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
396 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
397 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
398};
399
400static const unsigned char pExampleECParamDER[] = {
401 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
402};
403
404static const unsigned char kExampleED25519KeyDER[] = {
405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
406 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
407 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
408 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
409};
410
411static const unsigned char kExampleED25519PubKeyDER[] = {
412 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
413 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
414 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
415 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
416};
417
418# ifndef OPENSSL_NO_DEPRECATED_3_0
419static const unsigned char kExampleX25519KeyDER[] = {
420 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
421 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
422 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
423 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
424};
425# endif
426#endif
427
428/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
429#ifndef OPENSSL_NO_DEPRECATED_3_0
430# ifndef OPENSSL_NO_DH
431static const unsigned char kExampleDHKeyDER[] = {
432 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
433 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
434 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
435 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
436 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
437 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
438 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
439 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
440 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
441 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
442 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
443 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
444 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
445 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
446 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
447 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
448 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
449 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
450 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
451 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
452 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
453 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
454 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
455 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
456 0x2e, 0x87, 0x2a, 0x0b, 0x7a
457};
458# endif
459#endif
460
461static const unsigned char kCFBDefaultKey[] = {
462 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
463 0x09, 0xCF, 0x4F, 0x3C
464};
465
466static const unsigned char kGCMDefaultKey[32] = { 0 };
467
468static const unsigned char kGCMResetKey[] = {
469 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
470 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
471 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
472};
473
474static const unsigned char iCFBIV[] = {
475 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
476 0x0C, 0x0D, 0x0E, 0x0F
477};
478
479static const unsigned char iGCMDefaultIV[12] = { 0 };
480
481static const unsigned char iGCMResetIV1[] = {
482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
483};
484
485static const unsigned char iGCMResetIV2[] = {
486 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
487};
488
489static const unsigned char cfbPlaintext[] = {
490 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
491 0x73, 0x93, 0x17, 0x2A
492};
493static const unsigned char cfbPlaintext_partial[] = {
494 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
495 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
496};
497
498static const unsigned char gcmDefaultPlaintext[16] = { 0 };
499
500static const unsigned char gcmResetPlaintext[] = {
501 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
502 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
503 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
504 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
505 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
506};
507
508static const unsigned char cfbCiphertext[] = {
509 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
510 0xE8, 0x3C, 0xFB, 0x4A
511};
512
513static const unsigned char cfbCiphertext_partial[] = {
514 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
515 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
516};
517
518static const unsigned char ofbCiphertext_partial[] = {
519 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
520 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
521};
522
523static const unsigned char gcmDefaultCiphertext[] = {
524 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
525 0xba, 0xf3, 0x9d, 0x18
526};
527
528static const unsigned char gcmResetCiphertext1[] = {
529 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
530 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
531 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
532 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
533 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
534};
535
536static const unsigned char gcmResetCiphertext2[] = {
537 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
538 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
539 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
540 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
541 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
542};
543
544static const unsigned char gcmAAD[] = {
545 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
546 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
547};
548
549static const unsigned char gcmDefaultTag[] = {
550 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
551 0xd4, 0x8a, 0xb9, 0x19
552};
553
554static const unsigned char gcmResetTag1[] = {
555 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
556 0xfe, 0x2e, 0xa8, 0xf2
557};
558
559static const unsigned char gcmResetTag2[] = {
560 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
561 0xbb, 0x2d, 0x55, 0x1b
562};
563
564typedef struct APK_DATA_st {
565 const unsigned char *kder;
566 size_t size;
567 const char *keytype;
568 int evptype;
569 int check;
570 int pub_check;
571 int param_check;
572 int type; /* 0 for private, 1 for public, 2 for params */
573} APK_DATA;
574
575static APK_DATA keydata[] = {
576 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
577 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
578#ifndef OPENSSL_NO_EC
579 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
580#endif
581};
582
583static APK_DATA keycheckdata[] = {
584 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
585 0},
586 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
587 0, 1, 1, 0},
588 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
589 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
590#ifndef OPENSSL_NO_EC
591 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
592 /* group is also associated in our pub key */
593 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
594 1, 1},
595 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
596 2},
597 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
598 EVP_PKEY_ED25519, 1, 1, 1, 0},
599 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
600 EVP_PKEY_ED25519, 0, 1, 1, 1},
601#endif
602};
603
604static EVP_PKEY *load_example_key(const char *keytype,
605 const unsigned char *data, size_t data_len)
606{
607 const unsigned char **pdata = &data;
608 EVP_PKEY *pkey = NULL;
609 OSSL_DECODER_CTX *dctx =
610 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
611 testctx, testpropq);
612
613 /* |pkey| will be NULL on error */
614 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
615 OSSL_DECODER_CTX_free(dctx);
616 return pkey;
617}
618
619static EVP_PKEY *load_example_rsa_key(void)
620{
621 return load_example_key("RSA", kExampleRSAKeyDER,
622 sizeof(kExampleRSAKeyDER));
623}
624
625#ifndef OPENSSL_NO_DSA
626static EVP_PKEY *load_example_dsa_key(void)
627{
628 return load_example_key("DSA", kExampleDSAKeyDER,
629 sizeof(kExampleDSAKeyDER));
630}
631#endif
632
633#ifndef OPENSSL_NO_EC
634static EVP_PKEY *load_example_ec_key(void)
635{
636 return load_example_key("EC", kExampleECKeyDER,
637 sizeof(kExampleECKeyDER));
638}
639#endif
640
641#ifndef OPENSSL_NO_DEPRECATED_3_0
642# ifndef OPENSSL_NO_DH
643static EVP_PKEY *load_example_dh_key(void)
644{
645 return load_example_key("DH", kExampleDHKeyDER,
646 sizeof(kExampleDHKeyDER));
647}
648# endif
649
650# ifndef OPENSSL_NO_EC
651static EVP_PKEY *load_example_ed25519_key(void)
652{
653 return load_example_key("ED25519", kExampleED25519KeyDER,
654 sizeof(kExampleED25519KeyDER));
655}
656
657static EVP_PKEY *load_example_x25519_key(void)
658{
659 return load_example_key("X25519", kExampleX25519KeyDER,
660 sizeof(kExampleX25519KeyDER));
661}
662# endif
663#endif /* OPENSSL_NO_DEPRECATED_3_0 */
664
665static EVP_PKEY *load_example_hmac_key(void)
666{
667 EVP_PKEY *pkey = NULL;
668 unsigned char key[] = {
669 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
670 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
671 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
672 };
673
674 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
675 NULL, key, sizeof(key));
676 if (!TEST_ptr(pkey))
677 return NULL;
678
679 return pkey;
680}
681
682static int test_EVP_set_default_properties(void)
683{
684 OSSL_LIB_CTX *ctx;
685 EVP_MD *md = NULL;
686 int res = 0;
687
688 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
689 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
690 goto err;
691 EVP_MD_free(md);
692 md = NULL;
693
694 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
695 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
696 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
697 goto err;
698 EVP_MD_free(md);
699 md = NULL;
700
701 if (!TEST_true(EVP_set_default_properties(ctx, NULL))
702 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
703 goto err;
704 res = 1;
705err:
706 EVP_MD_free(md);
707 OSSL_LIB_CTX_free(ctx);
708 return res;
709}
710
711#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
712static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
713{
714 EVP_PKEY_CTX *pctx = NULL;
715 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
716
717 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
718 goto err;
719 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
720 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
721 params), 0))
722 goto err;
723
724 if (!TEST_ptr(tmp_pkey))
725 goto err;
726
727 pkey = tmp_pkey;
728 tmp_pkey = NULL;
729 err:
730 EVP_PKEY_free(tmp_pkey);
731 EVP_PKEY_CTX_free(pctx);
732 return pkey;
733}
734
735static int test_selection(EVP_PKEY *pkey, int selection)
736{
737 int testresult = 0;
738 int ret;
739 BIO *bio = BIO_new(BIO_s_mem());
740
741 ret = PEM_write_bio_PUBKEY(bio, pkey);
742 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
743 if (!TEST_true(ret))
744 goto err;
745 } else {
746 if (!TEST_false(ret))
747 goto err;
748 }
749 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
750 testctx, NULL);
751 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
752 if (!TEST_true(ret))
753 goto err;
754 } else {
755 if (!TEST_false(ret))
756 goto err;
757 }
758
759 testresult = 1;
760 err:
761 BIO_free(bio);
762
763 return testresult;
764}
765#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
766
767/*
768 * Test combinations of private, public, missing and private + public key
769 * params to ensure they are all accepted
770 */
771#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
772static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
773{
774 OSSL_PARAM_BLD *bld = NULL;
775 OSSL_PARAM *params = NULL;
776 EVP_PKEY *just_params = NULL;
777 EVP_PKEY *params_and_priv = NULL;
778 EVP_PKEY *params_and_pub = NULL;
779 EVP_PKEY *params_and_keypair = NULL;
780 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
781 int ret = 0;
782
783 /*
784 * Setup the parameters for our pkey object. For our purposes they don't
785 * have to actually be *valid* parameters. We just need to set something.
786 */
787 if (!TEST_ptr(p = BN_new())
788 || !TEST_ptr(q = BN_new())
789 || !TEST_ptr(g = BN_new())
790 || !TEST_ptr(pub = BN_new())
791 || !TEST_ptr(priv = BN_new()))
792 goto err;
793
794 /* Test !priv and !pub */
795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
799 goto err;
800 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
801 || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
802 goto err;
803
804 OSSL_PARAM_free(params);
805 OSSL_PARAM_BLD_free(bld);
806 params = NULL;
807 bld = NULL;
808
809 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
810 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
811 goto err;
812
813 /* Test priv and !pub */
814 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
815 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
816 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
819 priv)))
820 goto err;
821 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
822 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
823 goto err;
824
825 OSSL_PARAM_free(params);
826 OSSL_PARAM_BLD_free(bld);
827 params = NULL;
828 bld = NULL;
829
830 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
831 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
832 goto err;
833
834 /* Test !priv and pub */
835 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
836 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
837 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
840 pub)))
841 goto err;
842 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
843 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
844 goto err;
845
846 OSSL_PARAM_free(params);
847 OSSL_PARAM_BLD_free(bld);
848 params = NULL;
849 bld = NULL;
850
851 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
852 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
853 goto err;
854
855 /* Test priv and pub */
856 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
857 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
858 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
860 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
861 pub))
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
863 priv)))
864 goto err;
865 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
866 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
867 goto err;
868
869 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
870 goto err;
871
872 ret = 1;
873 err:
874 OSSL_PARAM_free(params);
875 OSSL_PARAM_BLD_free(bld);
876 EVP_PKEY_free(just_params);
877 EVP_PKEY_free(params_and_priv);
878 EVP_PKEY_free(params_and_pub);
879 EVP_PKEY_free(params_and_keypair);
880 BN_free(p);
881 BN_free(q);
882 BN_free(g);
883 BN_free(pub);
884 BN_free(priv);
885
886 return ret;
887}
888#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
889
890/*
891 * Test combinations of private, public, missing and private + public key
892 * params to ensure they are all accepted for EC keys
893 */
894#ifndef OPENSSL_NO_EC
895static unsigned char ec_priv[] = {
896 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
897 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
898 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
899};
900static unsigned char ec_pub[] = {
901 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
902 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
903 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
904 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
905 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
906 0x08, 0x09, 0xb8, 0xdb, 0x03
907};
908
909static int test_EC_priv_pub(void)
910{
911 OSSL_PARAM_BLD *bld = NULL;
912 OSSL_PARAM *params = NULL;
913 EVP_PKEY *just_params = NULL;
914 EVP_PKEY *params_and_priv = NULL;
915 EVP_PKEY *params_and_pub = NULL;
916 EVP_PKEY *params_and_keypair = NULL;
917 BIGNUM *priv = NULL;
918 int ret = 0;
919 unsigned char *encoded = NULL;
920 size_t len = 0;
921 unsigned char buffer[128];
922
923 /*
924 * Setup the parameters for our pkey object. For our purposes they don't
925 * have to actually be *valid* parameters. We just need to set something.
926 */
927 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
928 goto err;
929
930 /* Test !priv and !pub */
931 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
932 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
933 OSSL_PKEY_PARAM_GROUP_NAME,
934 "P-256", 0)))
935 goto err;
936 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
937 || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
938 goto err;
939
940 OSSL_PARAM_free(params);
941 OSSL_PARAM_BLD_free(bld);
942 params = NULL;
943 bld = NULL;
944
945 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
946 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
947 goto err;
948
949 /* Test priv and !pub */
950 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
951 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
952 OSSL_PKEY_PARAM_GROUP_NAME,
953 "P-256", 0))
954 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
955 priv)))
956 goto err;
957 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
958 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
959 goto err;
960
961 OSSL_PARAM_free(params);
962 OSSL_PARAM_BLD_free(bld);
963 params = NULL;
964 bld = NULL;
965
966 /*
967 * We indicate only parameters here, in spite of having built a key that
968 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
969 * expected to fail because it does not support exporting a private EC
970 * key without a corresponding public key
971 */
972 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
973 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
974 goto err;
975
976 /* Test !priv and pub */
977 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
978 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
979 OSSL_PKEY_PARAM_GROUP_NAME,
980 "P-256", 0))
981 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
982 OSSL_PKEY_PARAM_PUB_KEY,
983 ec_pub, sizeof(ec_pub))))
984 goto err;
985 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
986 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
987 goto err;
988
989 OSSL_PARAM_free(params);
990 OSSL_PARAM_BLD_free(bld);
991 params = NULL;
992 bld = NULL;
993
994 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
995 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
996 goto err;
997
998 /* Test priv and pub */
999 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
1000 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
1001 OSSL_PKEY_PARAM_GROUP_NAME,
1002 "P-256", 0))
1003 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
1004 OSSL_PKEY_PARAM_PUB_KEY,
1005 ec_pub, sizeof(ec_pub)))
1006 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
1007 priv)))
1008 goto err;
1009 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
1010 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
1011 goto err;
1012
1013 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
1014 goto err;
1015
1016 /* Try key equality */
1017 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
1018 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
1019 0)
1020 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
1021 0)
1022 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
1023 0)
1024 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
1025 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
1026 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
1027 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
1028 goto err;
1029
1030 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1031 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
1032 goto err;
1033 OPENSSL_free(encoded);
1034 encoded = NULL;
1035 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
1036 OPENSSL_free(encoded);
1037 encoded = NULL;
1038 goto err;
1039 }
1040
1041 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1042 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1043 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1044 buffer, sizeof(buffer), &len), 1)
1045 || !TEST_int_eq(len, 65))
1046 goto err;
1047
1048 len = 0;
1049 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1050 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1051 NULL, 0, &len), 1)
1052 || !TEST_int_eq(len, 65))
1053 goto err;
1054
1055 /* too-short buffer len*/
1056 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
1057 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
1058 buffer, 10, &len), 0))
1059 goto err;
1060
1061 ret = 1;
1062 err:
1063 OSSL_PARAM_free(params);
1064 OSSL_PARAM_BLD_free(bld);
1065 EVP_PKEY_free(just_params);
1066 EVP_PKEY_free(params_and_priv);
1067 EVP_PKEY_free(params_and_pub);
1068 EVP_PKEY_free(params_and_keypair);
1069 BN_free(priv);
1070
1071 return ret;
1072}
1073
1074/* Test that using a legacy EC key with only a private key in it works */
1075# ifndef OPENSSL_NO_DEPRECATED_3_0
1076static int test_EC_priv_only_legacy(void)
1077{
1078 BIGNUM *priv = NULL;
1079 int ret = 0;
1080 EC_KEY *eckey = NULL;
1081 EVP_PKEY *pkey = NULL, *dup_pk = NULL;
1082 EVP_MD_CTX *ctx = NULL;
1083
1084 /* Create the low level EC_KEY */
1085 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
1086 goto err;
1087
1088 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
1089 if (!TEST_ptr(eckey))
1090 goto err;
1091
1092 if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
1093 goto err;
1094
1095 pkey = EVP_PKEY_new();
1096 if (!TEST_ptr(pkey))
1097 goto err;
1098
1099 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
1100 goto err;
1101 eckey = NULL;
1102
1103 while (dup_pk == NULL) {
1104 ret = 0;
1105 ctx = EVP_MD_CTX_new();
1106 if (!TEST_ptr(ctx))
1107 goto err;
1108
1109 /*
1110 * The EVP_DigestSignInit function should create the key on the
1111 * provider side which is sufficient for this test.
1112 */
1113 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
1114 testpropq, pkey, NULL)))
1115 goto err;
1116 EVP_MD_CTX_free(ctx);
1117 ctx = NULL;
1118
1119 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
1120 goto err;
1121 /* EVP_PKEY_eq() returns -2 with missing public keys */
1122 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
1123 EVP_PKEY_free(pkey);
1124 pkey = dup_pk;
1125 if (!ret)
1126 goto err;
1127 }
1128
1129 err:
1130 EVP_MD_CTX_free(ctx);
1131 EVP_PKEY_free(pkey);
1132 EC_KEY_free(eckey);
1133 BN_free(priv);
1134
1135 return ret;
1136}
1137# endif /* OPENSSL_NO_DEPRECATED_3_0 */
1138#endif /* OPENSSL_NO_EC */
1139
1140static int test_EVP_PKEY_sign(int tst)
1141{
1142 int ret = 0;
1143 EVP_PKEY *pkey = NULL;
1144 unsigned char *sig = NULL;
1145 size_t sig_len = 0, shortsig_len = 1;
1146 EVP_PKEY_CTX *ctx = NULL;
1147 unsigned char tbs[] = {
1148 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1149 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1150 };
1151
1152 if (tst == 0 ) {
1153 if (!TEST_ptr(pkey = load_example_rsa_key()))
1154 goto out;
1155 } else if (tst == 1) {
1156#ifndef OPENSSL_NO_DSA
1157 if (!TEST_ptr(pkey = load_example_dsa_key()))
1158 goto out;
1159#else
1160 ret = 1;
1161 goto out;
1162#endif
1163 } else {
1164#ifndef OPENSSL_NO_EC
1165 if (!TEST_ptr(pkey = load_example_ec_key()))
1166 goto out;
1167#else
1168 ret = 1;
1169 goto out;
1170#endif
1171 }
1172
1173 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1174 if (!TEST_ptr(ctx)
1175 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1176 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1177 sizeof(tbs)), 0))
1178 goto out;
1179 sig = OPENSSL_malloc(sig_len);
1180 if (!TEST_ptr(sig)
1181 /* Test sending a signature buffer that is too short is rejected */
1182 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1183 sizeof(tbs)), 0)
1184 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1185 0)
1186 /* Test the signature round-trips */
1187 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1188 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1189 0))
1190 goto out;
1191
1192 ret = 1;
1193 out:
1194 EVP_PKEY_CTX_free(ctx);
1195 OPENSSL_free(sig);
1196 EVP_PKEY_free(pkey);
1197 return ret;
1198}
1199
1200#ifndef OPENSSL_NO_DEPRECATED_3_0
1201static int test_EVP_PKEY_sign_with_app_method(int tst)
1202{
1203 int ret = 0;
1204 EVP_PKEY *pkey = NULL;
1205 RSA *rsa = NULL;
1206 RSA_METHOD *rsa_meth = NULL;
1207#ifndef OPENSSL_NO_DSA
1208 DSA *dsa = NULL;
1209 DSA_METHOD *dsa_meth = NULL;
1210#endif
1211 unsigned char *sig = NULL;
1212 size_t sig_len = 0, shortsig_len = 1;
1213 EVP_PKEY_CTX *ctx = NULL;
1214 unsigned char tbs[] = {
1215 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1216 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1217 };
1218
1219 if (tst == 0) {
1220 if (!TEST_ptr(pkey = load_example_rsa_key()))
1221 goto out;
1222 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
1223 goto out;
1224
1225 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
1226 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
1227 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
1228 goto out;
1229 rsa = NULL; /* now owned by the pkey */
1230 } else {
1231#ifndef OPENSSL_NO_DSA
1232 if (!TEST_ptr(pkey = load_example_dsa_key()))
1233 goto out;
1234 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
1235 goto out;
1236
1237 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
1238 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
1239 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
1240 goto out;
1241 dsa = NULL; /* now owned by the pkey */
1242#else
1243 ret = 1;
1244 goto out;
1245#endif
1246 }
1247
1248 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
1249 if (!TEST_ptr(ctx)
1250 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
1251 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
1252 sizeof(tbs)), 0))
1253 goto out;
1254 sig = OPENSSL_malloc(sig_len);
1255 if (!TEST_ptr(sig)
1256 /* Test sending a signature buffer that is too short is rejected */
1257 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
1258 sizeof(tbs)), 0)
1259 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
1260 0)
1261 /* Test the signature round-trips */
1262 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
1263 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
1264 0))
1265 goto out;
1266
1267 ret = 1;
1268 out:
1269 EVP_PKEY_CTX_free(ctx);
1270 OPENSSL_free(sig);
1271 EVP_PKEY_free(pkey);
1272 RSA_free(rsa);
1273 RSA_meth_free(rsa_meth);
1274#ifndef OPENSSL_NO_DSA
1275 DSA_free(dsa);
1276 DSA_meth_free(dsa_meth);
1277#endif
1278 return ret;
1279}
1280#endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1281
1282/*
1283 * n = 0 => test using legacy cipher
1284 * n = 1 => test using fetched cipher
1285 */
1286static int test_EVP_Enveloped(int n)
1287{
1288 int ret = 0;
1289 EVP_CIPHER_CTX *ctx = NULL;
1290 EVP_PKEY *keypair = NULL;
1291 unsigned char *kek = NULL;
1292 unsigned char iv[EVP_MAX_IV_LENGTH];
1293 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1294 int len, kek_len, ciphertext_len, plaintext_len;
1295 unsigned char ciphertext[32], plaintext[16];
1296 EVP_CIPHER *type = NULL;
1297
1298 if (nullprov != NULL)
1299 return TEST_skip("Test does not support a non-default library context");
1300
1301 if (n == 0)
1302 type = (EVP_CIPHER *)EVP_aes_256_cbc();
1303 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
1304 testpropq)))
1305 goto err;
1306
1307 if (!TEST_ptr(keypair = load_example_rsa_key())
1308 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
1309 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
1310 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
1311 &keypair, 1))
1312 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
1313 msg, sizeof(msg)))
1314 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
1315 &len)))
1316 goto err;
1317
1318 ciphertext_len += len;
1319
1320 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
1321 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
1322 ciphertext, ciphertext_len))
1323 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
1324 goto err;
1325
1326 plaintext_len += len;
1327 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
1328 goto err;
1329
1330 ret = 1;
1331err:
1332 if (n != 0)
1333 EVP_CIPHER_free(type);
1334 OPENSSL_free(kek);
1335 EVP_PKEY_free(keypair);
1336 EVP_CIPHER_CTX_free(ctx);
1337 return ret;
1338}
1339
1340/*
1341 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1342 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1343 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1344 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1345 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1346 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1347 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1348 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1349 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1350 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1351 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1352 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1353 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1354 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1355 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1356 * Test 15-29: Same as above with reinitialization
1357 */
1358static int test_EVP_DigestSignInit(int tst)
1359{
1360 int ret = 0;
1361 EVP_PKEY *pkey = NULL;
1362 unsigned char *sig = NULL, *sig2 = NULL;
1363 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
1364 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
1365 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
1366 BIO *mdbio = NULL, *membio = NULL;
1367 size_t written;
1368 const EVP_MD *md;
1369 EVP_MD *mdexp = NULL;
1370 int reinit = 0;
1371
1372 if (nullprov != NULL)
1373 return TEST_skip("Test does not support a non-default library context");
1374
1375 if (tst >= 15) {
1376 reinit = 1;
1377 tst -= 15;
1378 }
1379
1380 if (tst >= 6 && tst <= 8) {
1381 membio = BIO_new(BIO_s_mem());
1382 mdbio = BIO_new(BIO_f_md());
1383 if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
1384 goto out;
1385 BIO_push(mdbio, membio);
1386 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
1387 goto out;
1388 } else {
1389 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
1390 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
1391 goto out;
1392 }
1393
1394 if (tst % 3 == 0) {
1395 if (!TEST_ptr(pkey = load_example_rsa_key()))
1396 goto out;
1397 } else if (tst % 3 == 1) {
1398#ifndef OPENSSL_NO_DSA
1399 if (!TEST_ptr(pkey = load_example_dsa_key()))
1400 goto out;
1401#else
1402 ret = 1;
1403 goto out;
1404#endif
1405 } else {
1406 if (!TEST_ptr(pkey = load_example_hmac_key()))
1407 goto out;
1408 }
1409
1410 if (tst >= 3 && tst <= 5)
1411 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
1412 else
1413 md = EVP_sha256();
1414
1415 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
1416 goto out;
1417
1418 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
1419 goto out;
1420
1421 if (tst >= 6 && tst <= 8) {
1422 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
1423 goto out;
1424 } else if (tst < 6) {
1425 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
1426 goto out;
1427 }
1428
1429 if (tst >= 9) {
1430 /* Determine the size of the signature. */
1431 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
1432 sizeof(kMsg)))
1433 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
1434 goto out;
1435 if (tst <= 11) {
1436 /* Test that supply a short sig buffer fails */
1437 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
1438 sizeof(kMsg))))
1439 goto out;
1440 /*
1441 * We end here because once EVP_DigestSign() has failed you should
1442 * not call it again without re-initing the ctx
1443 */
1444 ret = 1;
1445 goto out;
1446 }
1447 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
1448 sizeof(kMsg))))
1449 goto out;
1450 } else {
1451 /* Determine the size of the signature. */
1452 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
1453 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
1454 /*
1455 * Trying to create a signature with a deliberately short
1456 * buffer should fail.
1457 */
1458 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
1459 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
1460 goto out;
1461 }
1462
1463 /*
1464 * Ensure that the signature round-trips (Verification isn't supported for
1465 * HMAC via EVP_DigestVerify*)
1466 */
1467 if (tst % 3 != 2) {
1468 if (tst >= 6 && tst <= 8) {
1469 if (!TEST_int_gt(BIO_reset(mdbio), 0)
1470 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
1471 goto out;
1472 }
1473
1474 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
1475 NULL, pkey)))
1476 goto out;
1477
1478 if (tst >= 6 && tst <= 8) {
1479 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
1480 goto out;
1481 } else {
1482 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
1483 sizeof(kMsg))))
1484 goto out;
1485 }
1486 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1487 goto out;
1488
1489 /* Multiple calls to EVP_DigestVerifyFinal should work */
1490 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
1491 goto out;
1492 } else {
1493 /*
1494 * For HMAC a doubled call to DigestSignFinal should produce the same
1495 * value as finalization should not happen.
1496 */
1497 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
1498 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
1499 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
1500 goto out;
1501
1502 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
1503 goto out;
1504 }
1505
1506 ret = 1;
1507
1508 out:
1509 BIO_free(membio);
1510 BIO_free(mdbio);
1511 EVP_MD_CTX_free(a_md_ctx);
1512 EVP_MD_CTX_free(a_md_ctx_verify);
1513 EVP_PKEY_free(pkey);
1514 OPENSSL_free(sig);
1515 OPENSSL_free(sig2);
1516 EVP_MD_free(mdexp);
1517
1518 return ret;
1519}
1520
1521static int test_EVP_DigestVerifyInit(void)
1522{
1523 int ret = 0;
1524 EVP_PKEY *pkey = NULL;
1525 EVP_MD_CTX *md_ctx = NULL;
1526
1527 if (nullprov != NULL)
1528 return TEST_skip("Test does not support a non-default library context");
1529
1530 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
1531 || !TEST_ptr(pkey = load_example_rsa_key()))
1532 goto out;
1533
1534 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
1535 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1536 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1537 sizeof(kSignature)), 0))
1538 goto out;
1539
1540 /* test with reinitialization */
1541 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
1542 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
1543 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
1544 sizeof(kSignature)), 0))
1545 goto out;
1546 ret = 1;
1547
1548 out:
1549 EVP_MD_CTX_free(md_ctx);
1550 EVP_PKEY_free(pkey);
1551 return ret;
1552}
1553
1554#ifndef OPENSSL_NO_SIPHASH
1555/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1556static int test_siphash_digestsign(void)
1557{
1558 unsigned char key[16];
1559 unsigned char buf[8], digest[8];
1560 unsigned char expected[8] = {
1561 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1562 };
1563 EVP_PKEY *pkey = NULL;
1564 EVP_MD_CTX *mdctx = NULL;
1565 EVP_PKEY_CTX *ctx = NULL;
1566 int ret = 0;
1567 size_t len = 8;
1568
1569 if (nullprov != NULL)
1570 return TEST_skip("Test does not support a non-default library context");
1571
1572 memset(buf, 0, 8);
1573 memset(key, 1, 16);
1574 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
1575 key, 16)))
1576 goto out;
1577
1578 if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
1579 goto out;
1580
1581 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
1582 goto out;
1583 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
1584 EVP_PKEY_CTRL_SET_DIGEST_SIZE,
1585 8, NULL), 1))
1586 goto out;
1587 /* reinitialize */
1588 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
1589 goto out;
1590 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
1591 goto out;
1592 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
1593 goto out;
1594 if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
1595 goto out;
1596
1597 ret = 1;
1598 out:
1599 EVP_PKEY_free(pkey);
1600 EVP_MD_CTX_free(mdctx);
1601 return ret;
1602}
1603#endif
1604
1605/*
1606 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1607 */
1608static int test_EVP_Digest(void)
1609{
1610 int ret = 0;
1611 EVP_MD_CTX *md_ctx = NULL;
1612 unsigned char md[EVP_MAX_MD_SIZE];
1613 EVP_MD *sha256 = NULL;
1614 EVP_MD *shake256 = NULL;
1615
1616 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1617 goto out;
1618
1619 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
1620 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
1621 goto out;
1622
1623 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1624 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1625 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
1626 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1627 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
1628 goto out;
1629
1630 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
1631 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1632 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
1633 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1634 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1635 /*
1636 * EVP_DigestInit_ex with NULL type should work on
1637 * pre-initialized context.
1638 */
1639 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1640 goto out;
1641
1642 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
1643 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
1644 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
1645 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1646 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
1647 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
1648 goto out;
1649 ret = 1;
1650
1651 out:
1652 EVP_MD_CTX_free(md_ctx);
1653 EVP_MD_free(sha256);
1654 EVP_MD_free(shake256);
1655 return ret;
1656}
1657
1658static int test_EVP_md_null(void)
1659{
1660 int ret = 0;
1661 EVP_MD_CTX *md_ctx = NULL;
1662 const EVP_MD *md_null = EVP_md_null();
1663 unsigned char md_value[EVP_MAX_MD_SIZE];
1664 unsigned int md_len = sizeof(md_value);
1665
1666 if (nullprov != NULL)
1667 return TEST_skip("Test does not support a non-default library context");
1668
1669 if (!TEST_ptr(md_null)
1670 || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
1671 goto out;
1672
1673 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
1674 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
1675 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
1676 goto out;
1677
1678 if (!TEST_uint_eq(md_len, 0))
1679 goto out;
1680
1681 ret = 1;
1682 out:
1683 EVP_MD_CTX_free(md_ctx);
1684 return ret;
1685}
1686
1687static int test_d2i_AutoPrivateKey(int i)
1688{
1689 int ret = 0;
1690 const unsigned char *p;
1691 EVP_PKEY *pkey = NULL;
1692 const APK_DATA *ak = &keydata[i];
1693 const unsigned char *input = ak->kder;
1694 size_t input_len = ak->size;
1695 int expected_id = ak->evptype;
1696
1697 p = input;
1698 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
1699 || !TEST_ptr_eq(p, input + input_len)
1700 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
1701 goto done;
1702
1703 ret = 1;
1704
1705 done:
1706 EVP_PKEY_free(pkey);
1707 return ret;
1708}
1709
1710#ifndef OPENSSL_NO_EC
1711
1712static const unsigned char ec_public_sect163k1_validxy[] = {
1713 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1714 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1715 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1716 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1717 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1718 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1719};
1720
1721static const unsigned char ec_public_sect163k1_badx[] = {
1722 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1723 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1724 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1725 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1726 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1727 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1728};
1729
1730static const unsigned char ec_public_sect163k1_bady[] = {
1731 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1732 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1733 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1734 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1735 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1736 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1737};
1738
1739static struct ec_der_pub_keys_st {
1740 const unsigned char *der;
1741 size_t len;
1742 int valid;
1743} ec_der_pub_keys[] = {
1744 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
1745 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
1746 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
1747};
1748
1749/*
1750 * Tests the range of the decoded EC char2 public point.
1751 * See ec_GF2m_simple_oct2point().
1752 */
1753static int test_invalide_ec_char2_pub_range_decode(int id)
1754{
1755 int ret = 0;
1756 EVP_PKEY *pkey;
1757
1758 pkey = load_example_key("EC", ec_der_pub_keys[id].der,
1759 ec_der_pub_keys[id].len);
1760
1761 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
1762 || TEST_ptr_null(pkey);
1763 EVP_PKEY_free(pkey);
1764 return ret;
1765}
1766
1767/* Tests loading a bad key in PKCS8 format */
1768static int test_EVP_PKCS82PKEY(void)
1769{
1770 int ret = 0;
1771 const unsigned char *derp = kExampleBadECKeyDER;
1772 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1773 EVP_PKEY *pkey = NULL;
1774
1775 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
1776 sizeof(kExampleBadECKeyDER))))
1777 goto done;
1778
1779 if (!TEST_ptr_eq(derp,
1780 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
1781 goto done;
1782
1783 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
1784 goto done;
1785
1786 ret = 1;
1787
1788 done:
1789 PKCS8_PRIV_KEY_INFO_free(p8inf);
1790 EVP_PKEY_free(pkey);
1791
1792 return ret;
1793}
1794
1795#endif
1796static int test_EVP_PKCS82PKEY_wrong_tag(void)
1797{
1798 EVP_PKEY *pkey = NULL;
1799 EVP_PKEY *pkey2 = NULL;
1800 BIO *membio = NULL;
1801 char *membuf = NULL;
1802 PKCS8_PRIV_KEY_INFO *p8inf = NULL;
1803 int ok = 0;
1804
1805 if (testctx != NULL)
1806 /* test not supported with non-default context */
1807 return 1;
1808
1809 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1810 || !TEST_ptr(pkey = load_example_rsa_key())
1811 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1812 NULL, 0, NULL, NULL),
1813 0)
1814 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
1815 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
1816 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
1817 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1818 goto done;
1819 }
1820
1821 ok = 1;
1822 done:
1823 EVP_PKEY_free(pkey);
1824 EVP_PKEY_free(pkey2);
1825 PKCS8_PRIV_KEY_INFO_free(p8inf);
1826 BIO_free_all(membio);
1827 return ok;
1828}
1829
1830/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1831static int test_privatekey_to_pkcs8(void)
1832{
1833 EVP_PKEY *pkey = NULL;
1834 BIO *membio = NULL;
1835 char *membuf = NULL;
1836 long membuf_len = 0;
1837 int ok = 0;
1838
1839 if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
1840 || !TEST_ptr(pkey = load_example_rsa_key())
1841 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
1842 NULL, 0, NULL, NULL),
1843 0)
1844 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
1845 || !TEST_ptr(membuf)
1846 || !TEST_mem_eq(membuf, (size_t)membuf_len,
1847 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
1848 /*
1849 * We try to write PEM as well, just to see that it doesn't err, but
1850 * assume that the result is correct.
1851 */
1852 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
1853 NULL, 0, NULL, NULL),
1854 0))
1855 goto done;
1856
1857 ok = 1;
1858 done:
1859 EVP_PKEY_free(pkey);
1860 BIO_free_all(membio);
1861 return ok;
1862}
1863
1864#ifndef OPENSSL_NO_EC
1865static const struct {
1866 int encoding;
1867 const char *encoding_name;
1868} ec_encodings[] = {
1869 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
1870 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
1871};
1872
1873static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
1874{
1875 const OSSL_PARAM *p;
1876 const char *enc_name = NULL;
1877 int *enc = arg;
1878 size_t i;
1879
1880 *enc = -1;
1881
1882 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
1883 OSSL_PKEY_PARAM_EC_ENCODING))
1884 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
1885 return 0;
1886
1887 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
1888 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
1889 *enc = ec_encodings[i].encoding;
1890 break;
1891 }
1892 }
1893
1894 return (*enc != -1);
1895}
1896
1897static int test_EC_keygen_with_enc(int idx)
1898{
1899 EVP_PKEY *params = NULL, *key = NULL;
1900 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
1901 int enc;
1902 int ret = 0;
1903
1904 enc = ec_encodings[idx].encoding;
1905
1906 /* Create key parameters */
1907 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
1908 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
1909 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
1910 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
1911 || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
1912 || !TEST_ptr(params))
1913 goto done;
1914
1915 /* Create key */
1916 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
1917 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
1918 || !TEST_true(EVP_PKEY_keygen(kctx, &key))
1919 || !TEST_ptr(key))
1920 goto done;
1921
1922 /* Check that the encoding got all the way into the key */
1923 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
1924 ec_export_get_encoding_cb, &enc))
1925 || !TEST_int_eq(enc, ec_encodings[idx].encoding))
1926 goto done;
1927
1928 ret = 1;
1929 done:
1930 EVP_PKEY_free(key);
1931 EVP_PKEY_free(params);
1932 EVP_PKEY_CTX_free(kctx);
1933 EVP_PKEY_CTX_free(pctx);
1934 return ret;
1935}
1936#endif
1937
1938#if !defined(OPENSSL_NO_SM2)
1939
1940static int test_EVP_SM2_verify(void)
1941{
1942 const char *pubkey =
1943 "-----BEGIN PUBLIC KEY-----\n"
1944 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1945 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1946 "-----END PUBLIC KEY-----\n";
1947
1948 const char *msg = "message digest";
1949 const char *id = "[email protected]";
1950
1951 const uint8_t signature[] = {
1952 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1953 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1954 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1955 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1956 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1957 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1958 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1959 };
1960
1961 int rc = 0;
1962 BIO *bio = NULL;
1963 EVP_PKEY *pkey = NULL;
1964 EVP_MD_CTX *mctx = NULL;
1965 EVP_PKEY_CTX *pctx = NULL;
1966 EVP_MD *sm3 = NULL;
1967
1968 bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
1969 if (!TEST_true(bio != NULL))
1970 goto done;
1971
1972 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
1973 if (!TEST_true(pkey != NULL))
1974 goto done;
1975
1976 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
1977 goto done;
1978
1979 if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
1980 goto done;
1981
1982 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
1983 goto done;
1984
1985 EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
1986
1987 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
1988 goto done;
1989
1990 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
1991 goto done;
1992
1993 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
1994 goto done;
1995
1996 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
1997 goto done;
1998
1999 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
2000 goto done;
2001 rc = 1;
2002
2003 done:
2004 BIO_free(bio);
2005 EVP_PKEY_free(pkey);
2006 EVP_PKEY_CTX_free(pctx);
2007 EVP_MD_CTX_free(mctx);
2008 EVP_MD_free(sm3);
2009 return rc;
2010}
2011
2012static int test_EVP_SM2(void)
2013{
2014 int ret = 0;
2015 EVP_PKEY *pkey = NULL;
2016 EVP_PKEY *pkeyparams = NULL;
2017 EVP_PKEY_CTX *pctx = NULL;
2018 EVP_PKEY_CTX *kctx = NULL;
2019 EVP_PKEY_CTX *sctx = NULL;
2020 size_t sig_len = 0;
2021 unsigned char *sig = NULL;
2022 EVP_MD_CTX *md_ctx = NULL;
2023 EVP_MD_CTX *md_ctx_verify = NULL;
2024 EVP_PKEY_CTX *cctx = NULL;
2025 EVP_MD *check_md = NULL;
2026
2027 uint8_t ciphertext[128];
2028 size_t ctext_len = sizeof(ciphertext);
2029
2030 uint8_t plaintext[8];
2031 size_t ptext_len = sizeof(plaintext);
2032
2033 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2034
2035 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2036 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
2037 int i;
2038 char mdname[OSSL_MAX_NAME_SIZE];
2039
2040 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
2041 "SM2", testpropq)))
2042 goto done;
2043
2044 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
2045 goto done;
2046
2047 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
2048 goto done;
2049
2050 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
2051 goto done;
2052
2053 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2054 pkeyparams, testpropq)))
2055 goto done;
2056
2057 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
2058 goto done;
2059
2060 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
2061 goto done;
2062
2063 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
2064 goto done;
2065
2066 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
2067 goto done;
2068
2069 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2070 goto done;
2071
2072 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
2073 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
2074
2075 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
2076 goto done;
2077
2078 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
2079 goto done;
2080
2081 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2082 goto done;
2083
2084 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
2085 goto done;
2086
2087 /* Determine the size of the signature. */
2088 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
2089 goto done;
2090
2091 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
2092 goto done;
2093
2094 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
2095 goto done;
2096
2097 /* Ensure that the signature round-trips. */
2098
2099 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2100 pkey)))
2101 goto done;
2102
2103 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
2104 goto done;
2105
2106 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2107 goto done;
2108
2109 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2110 goto done;
2111
2112 /*
2113 * Try verify again with non-matching 0 length id but ensure that it can
2114 * be set on the context and overrides the previous value.
2115 */
2116
2117 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
2118 pkey)))
2119 goto done;
2120
2121 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
2122 goto done;
2123
2124 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
2125 goto done;
2126
2127 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
2128 goto done;
2129
2130 /* now check encryption/decryption */
2131
2132 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2133 mdname, sizeof(mdname));
2134 for (i = 0; i < 2; i++) {
2135 const char *mdnames[] = {
2136#ifndef OPENSSL_NO_SM3
2137 "SM3",
2138#else
2139 NULL,
2140#endif
2141 "SHA2-256" };
2142 EVP_PKEY_CTX_free(cctx);
2143
2144 if (mdnames[i] == NULL)
2145 continue;
2146
2147 sparams[0] =
2148 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
2149 (char *)mdnames[i], 0);
2150
2151 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
2152 pkey, testpropq)))
2153 goto done;
2154
2155 if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
2156 goto done;
2157
2158 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2159 goto done;
2160
2161 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
2162 sizeof(kMsg))))
2163 goto done;
2164
2165 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
2166 goto done;
2167
2168 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
2169 goto done;
2170
2171 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
2172 ctext_len), 0))
2173 goto done;
2174
2175 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
2176 goto done;
2177
2178 /*
2179 * Test we're still using the digest we think we are.
2180 * Because of aliases, the easiest is to fetch the digest and
2181 * check the name with EVP_MD_is_a().
2182 */
2183 EVP_MD_free(check_md);
2184 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
2185 goto done;
2186 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
2187 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
2188 goto done;
2189 }
2190
2191 if (!TEST_true(ptext_len == sizeof(kMsg)))
2192 goto done;
2193
2194 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
2195 goto done;
2196 }
2197
2198 ret = 1;
2199done:
2200 EVP_PKEY_CTX_free(pctx);
2201 EVP_PKEY_CTX_free(kctx);
2202 EVP_PKEY_CTX_free(sctx);
2203 EVP_PKEY_CTX_free(cctx);
2204 EVP_PKEY_free(pkey);
2205 EVP_PKEY_free(pkeyparams);
2206 EVP_MD_CTX_free(md_ctx);
2207 EVP_MD_CTX_free(md_ctx_verify);
2208 EVP_MD_free(check_md);
2209 OPENSSL_free(sig);
2210 return ret;
2211}
2212
2213#endif
2214
2215static struct keys_st {
2216 int type;
2217 char *priv;
2218 char *pub;
2219} keys[] = {
2220 {
2221 EVP_PKEY_HMAC, "0123456789", NULL
2222 },
2223 {
2224 EVP_PKEY_HMAC, "", NULL
2225#ifndef OPENSSL_NO_POLY1305
2226 }, {
2227 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
2228#endif
2229#ifndef OPENSSL_NO_SIPHASH
2230 }, {
2231 EVP_PKEY_SIPHASH, "0123456789012345", NULL
2232#endif
2233 },
2234#ifndef OPENSSL_NO_EC
2235 {
2236 EVP_PKEY_X25519, "01234567890123456789012345678901",
2237 "abcdefghijklmnopqrstuvwxyzabcdef"
2238 }, {
2239 EVP_PKEY_ED25519, "01234567890123456789012345678901",
2240 "abcdefghijklmnopqrstuvwxyzabcdef"
2241 }, {
2242 EVP_PKEY_X448,
2243 "01234567890123456789012345678901234567890123456789012345",
2244 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2245 }, {
2246 EVP_PKEY_ED448,
2247 "012345678901234567890123456789012345678901234567890123456",
2248 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2249 }
2250#endif
2251};
2252
2253static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
2254{
2255 int ret = 0;
2256 unsigned char buf[80];
2257 unsigned char *in;
2258 size_t inlen, len = 0, shortlen = 1;
2259 EVP_PKEY *pkey;
2260
2261 /* Check if this algorithm supports public keys */
2262 if (pub && keys[tst].pub == NULL)
2263 return 1;
2264
2265 memset(buf, 0, sizeof(buf));
2266
2267 if (pub) {
2268#ifndef OPENSSL_NO_EC
2269 inlen = strlen(keys[tst].pub);
2270 in = (unsigned char *)keys[tst].pub;
2271 if (uselibctx) {
2272 pkey = EVP_PKEY_new_raw_public_key_ex(
2273 testctx,
2274 OBJ_nid2sn(keys[tst].type),
2275 NULL,
2276 in,
2277 inlen);
2278 } else {
2279 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
2280 NULL,
2281 in,
2282 inlen);
2283 }
2284#else
2285 return 1;
2286#endif
2287 } else {
2288 inlen = strlen(keys[tst].priv);
2289 in = (unsigned char *)keys[tst].priv;
2290 if (uselibctx) {
2291 pkey = EVP_PKEY_new_raw_private_key_ex(
2292 testctx, OBJ_nid2sn(keys[tst].type),
2293 NULL,
2294 in,
2295 inlen);
2296 } else {
2297 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
2298 NULL,
2299 in,
2300 inlen);
2301 }
2302 }
2303
2304 if (!TEST_ptr(pkey)
2305 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
2306 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
2307 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
2308 || !TEST_true(len == inlen))
2309 goto done;
2310 if (tst != 1) {
2311 /*
2312 * Test that supplying a buffer that is too small fails. Doesn't apply
2313 * to HMAC with a zero length key
2314 */
2315 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
2316 &shortlen)))
2317 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
2318 &shortlen))))
2319 goto done;
2320 }
2321 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
2322 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
2323 || !TEST_mem_eq(in, inlen, buf, len))
2324 goto done;
2325
2326 ret = 1;
2327 done:
2328 EVP_PKEY_free(pkey);
2329 return ret;
2330}
2331
2332static int test_set_get_raw_keys(int tst)
2333{
2334 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
2335 && test_set_get_raw_keys_int(tst, 0, 1)
2336 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
2337 && test_set_get_raw_keys_int(tst, 1, 1);
2338}
2339
2340#ifndef OPENSSL_NO_DEPRECATED_3_0
2341static int pkey_custom_check(EVP_PKEY *pkey)
2342{
2343 return 0xbeef;
2344}
2345
2346static int pkey_custom_pub_check(EVP_PKEY *pkey)
2347{
2348 return 0xbeef;
2349}
2350
2351static int pkey_custom_param_check(EVP_PKEY *pkey)
2352{
2353 return 0xbeef;
2354}
2355
2356static EVP_PKEY_METHOD *custom_pmeth;
2357#endif
2358
2359static int test_EVP_PKEY_check(int i)
2360{
2361 int ret = 0;
2362 EVP_PKEY *pkey = NULL;
2363 EVP_PKEY_CTX *ctx = NULL;
2364#ifndef OPENSSL_NO_DEPRECATED_3_0
2365 EVP_PKEY_CTX *ctx2 = NULL;
2366#endif
2367 const APK_DATA *ak = &keycheckdata[i];
2368 const unsigned char *input = ak->kder;
2369 size_t input_len = ak->size;
2370 int expected_id = ak->evptype;
2371 int expected_check = ak->check;
2372 int expected_pub_check = ak->pub_check;
2373 int expected_param_check = ak->param_check;
2374 int type = ak->type;
2375
2376 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
2377 goto done;
2378 if (type == 0
2379 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
2380 goto done;
2381
2382 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
2383 goto done;
2384
2385 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
2386 goto done;
2387
2388 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
2389 goto done;
2390
2391 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
2392 goto done;
2393
2394#ifndef OPENSSL_NO_DEPRECATED_3_0
2395 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
2396 /* assign the pkey directly, as an internal test */
2397 EVP_PKEY_up_ref(pkey);
2398 ctx2->pkey = pkey;
2399
2400 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
2401 goto done;
2402
2403 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
2404 goto done;
2405
2406 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
2407 goto done;
2408#endif
2409
2410 ret = 1;
2411
2412 done:
2413 EVP_PKEY_CTX_free(ctx);
2414#ifndef OPENSSL_NO_DEPRECATED_3_0
2415 EVP_PKEY_CTX_free(ctx2);
2416#endif
2417 EVP_PKEY_free(pkey);
2418 return ret;
2419}
2420
2421#ifndef OPENSSL_NO_CMAC
2422static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
2423{
2424 EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
2425 const char msg[] = "Hello World";
2426 size_t maclen = AES_BLOCK_SIZE;
2427 int ret = 1;
2428
2429 if (!TEST_ptr(mdctx)
2430 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
2431 testpropq, pkey, NULL))
2432 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
2433 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
2434 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
2435 ret = 0;
2436
2437 EVP_MD_CTX_free(mdctx);
2438
2439 return ret;
2440}
2441static int test_CMAC_keygen(void)
2442{
2443 static unsigned char key[] = {
2444 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2445 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2446 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2447 };
2448 EVP_PKEY_CTX *kctx = NULL;
2449 int ret = 0;
2450 EVP_PKEY *pkey = NULL;
2451 unsigned char mac[AES_BLOCK_SIZE];
2452# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2453 unsigned char mac2[AES_BLOCK_SIZE];
2454# endif
2455
2456 if (nullprov != NULL)
2457 return TEST_skip("Test does not support a non-default library context");
2458
2459 /*
2460 * This is a legacy method for CMACs, but should still work.
2461 * This verifies that it works without an ENGINE.
2462 */
2463 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
2464
2465 /* Test a CMAC key created using the "generated" method */
2466 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
2467 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2468 EVP_PKEY_CTRL_CIPHER,
2469 0, (void *)EVP_aes_256_cbc()), 0)
2470 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
2471 EVP_PKEY_CTRL_SET_MAC_KEY,
2472 sizeof(key), (void *)key), 0)
2473 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
2474 || !TEST_ptr(pkey)
2475 || !TEST_true(get_cmac_val(pkey, mac)))
2476 goto done;
2477
2478# if !defined(OPENSSL_NO_DEPRECATED_3_0)
2479 EVP_PKEY_free(pkey);
2480
2481 /*
2482 * Test a CMAC key using the direct method, and compare with the mac
2483 * created above.
2484 */
2485 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
2486 if (!TEST_ptr(pkey)
2487 || !TEST_true(get_cmac_val(pkey, mac2))
2488 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
2489 goto done;
2490# endif
2491
2492 ret = 1;
2493
2494 done:
2495 EVP_PKEY_free(pkey);
2496 EVP_PKEY_CTX_free(kctx);
2497 return ret;
2498}
2499#endif
2500
2501static int test_HKDF(void)
2502{
2503 EVP_PKEY_CTX *pctx;
2504 unsigned char out[20];
2505 size_t outlen;
2506 int i, ret = 0;
2507 unsigned char salt[] = "0123456789";
2508 unsigned char key[] = "012345678901234567890123456789";
2509 unsigned char info[] = "infostring";
2510 const unsigned char expected[] = {
2511 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2512 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2513 };
2514 size_t expectedlen = sizeof(expected);
2515
2516 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2517 goto done;
2518
2519 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2520 for (i = 0; i < 2; i++) {
2521 outlen = sizeof(out);
2522 memset(out, 0, outlen);
2523
2524 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2525 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2526 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2527 sizeof(salt) - 1), 0)
2528 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2529 sizeof(key) - 1), 0)
2530 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2531 sizeof(info) - 1), 0)
2532 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2533 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2534 goto done;
2535 }
2536
2537 ret = 1;
2538
2539 done:
2540 EVP_PKEY_CTX_free(pctx);
2541
2542 return ret;
2543}
2544
2545static int test_emptyikm_HKDF(void)
2546{
2547 EVP_PKEY_CTX *pctx;
2548 unsigned char out[20];
2549 size_t outlen;
2550 int ret = 0;
2551 unsigned char salt[] = "9876543210";
2552 unsigned char key[] = "";
2553 unsigned char info[] = "stringinfo";
2554 const unsigned char expected[] = {
2555 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2556 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2557 };
2558 size_t expectedlen = sizeof(expected);
2559
2560 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
2561 goto done;
2562
2563 outlen = sizeof(out);
2564 memset(out, 0, outlen);
2565
2566 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
2567 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
2568 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
2569 sizeof(salt) - 1), 0)
2570 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
2571 sizeof(key) - 1), 0)
2572 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
2573 sizeof(info) - 1), 0)
2574 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
2575 || !TEST_mem_eq(out, outlen, expected, expectedlen))
2576 goto done;
2577
2578 ret = 1;
2579
2580 done:
2581 EVP_PKEY_CTX_free(pctx);
2582
2583 return ret;
2584}
2585
2586#ifndef OPENSSL_NO_EC
2587static int test_X509_PUBKEY_inplace(void)
2588{
2589 int ret = 0;
2590 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
2591 const unsigned char *p = kExampleECPubKeyDER;
2592 size_t input_len = sizeof(kExampleECPubKeyDER);
2593
2594 if (!TEST_ptr(xp))
2595 goto done;
2596 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
2597 goto done;
2598
2599 if (!TEST_ptr(X509_PUBKEY_get0(xp)))
2600 goto done;
2601
2602 p = kExampleBadECPubKeyDER;
2603 input_len = sizeof(kExampleBadECPubKeyDER);
2604
2605 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
2606 goto done;
2607
2608 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
2609 goto done;
2610
2611 ret = 1;
2612
2613 done:
2614 X509_PUBKEY_free(xp);
2615 return ret;
2616}
2617
2618static int test_X509_PUBKEY_dup(void)
2619{
2620 int ret = 0;
2621 X509_PUBKEY *xp = NULL, *xq = NULL;
2622 const unsigned char *p = kExampleECPubKeyDER;
2623 size_t input_len = sizeof(kExampleECPubKeyDER);
2624
2625 xp = X509_PUBKEY_new_ex(testctx, testpropq);
2626 if (!TEST_ptr(xp)
2627 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
2628 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
2629 || !TEST_ptr_ne(xp, xq))
2630 goto done;
2631
2632 if (!TEST_ptr(X509_PUBKEY_get0(xq))
2633 || !TEST_ptr(X509_PUBKEY_get0(xp))
2634 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
2635 goto done;
2636
2637 X509_PUBKEY_free(xq);
2638 xq = NULL;
2639 p = kExampleBadECPubKeyDER;
2640 input_len = sizeof(kExampleBadECPubKeyDER);
2641
2642 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
2643 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
2644 goto done;
2645
2646 X509_PUBKEY_free(xp);
2647 xp = NULL;
2648 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
2649 goto done;
2650
2651 ret = 1;
2652
2653 done:
2654 X509_PUBKEY_free(xp);
2655 X509_PUBKEY_free(xq);
2656 return ret;
2657}
2658#endif /* OPENSSL_NO_EC */
2659
2660/* Test getting and setting parameters on an EVP_PKEY_CTX */
2661static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
2662{
2663 EVP_MD_CTX *mdctx = NULL;
2664 EVP_PKEY_CTX *ctx = NULL;
2665 const OSSL_PARAM *params;
2666 OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
2667 int ret = 0;
2668 const EVP_MD *md;
2669 char mdname[OSSL_MAX_NAME_SIZE];
2670 char ssl3ms[48];
2671
2672 /* Initialise a sign operation */
2673 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
2674 if (!TEST_ptr(ctx)
2675 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
2676 goto err;
2677
2678 /*
2679 * We should be able to query the parameters now.
2680 */
2681 params = EVP_PKEY_CTX_settable_params(ctx);
2682 if (!TEST_ptr(params)
2683 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2684 OSSL_SIGNATURE_PARAM_DIGEST)))
2685 goto err;
2686
2687 params = EVP_PKEY_CTX_gettable_params(ctx);
2688 if (!TEST_ptr(params)
2689 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2690 OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
2691 || !TEST_ptr(OSSL_PARAM_locate_const(params,
2692 OSSL_SIGNATURE_PARAM_DIGEST)))
2693 goto err;
2694
2695 /*
2696 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2697 * EVP_PKEY_CTX_get_params()
2698 */
2699 strcpy(mdname, "SHA512");
2700 param_md = param;
2701 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2702 mdname, 0);
2703 *param++ = OSSL_PARAM_construct_end();
2704
2705 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
2706 goto err;
2707
2708 mdname[0] = '\0';
2709 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
2710 mdname, sizeof(mdname));
2711 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
2712 || !TEST_str_eq(mdname, "SHA512"))
2713 goto err;
2714
2715 /*
2716 * Test the TEST_PKEY_CTX_set_signature_md() and
2717 * TEST_PKEY_CTX_get_signature_md() functions
2718 */
2719 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
2720 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
2721 || !TEST_ptr_eq(md, EVP_sha256()))
2722 goto err;
2723
2724 /*
2725 * Test getting MD parameters via an associated EVP_PKEY_CTX
2726 */
2727 mdctx = EVP_MD_CTX_new();
2728 if (!TEST_ptr(mdctx)
2729 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
2730 pkey, NULL)))
2731 goto err;
2732
2733 /*
2734 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2735 * able to obtain the digest's settable parameters from the provider.
2736 */
2737 params = EVP_MD_CTX_settable_params(mdctx);
2738 if (!TEST_ptr(params)
2739 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
2740 /* The final key should be NULL */
2741 || !TEST_ptr_null(params[1].key))
2742 goto err;
2743
2744 param = ourparams;
2745 memset(ssl3ms, 0, sizeof(ssl3ms));
2746 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
2747 ssl3ms, sizeof(ssl3ms));
2748 *param++ = OSSL_PARAM_construct_end();
2749
2750 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
2751 goto err;
2752
2753 ret = 1;
2754
2755 err:
2756 EVP_MD_CTX_free(mdctx);
2757 EVP_PKEY_CTX_free(ctx);
2758
2759 return ret;
2760}
2761
2762#ifndef OPENSSL_NO_DSA
2763static int test_DSA_get_set_params(void)
2764{
2765 OSSL_PARAM_BLD *bld = NULL;
2766 OSSL_PARAM *params = NULL;
2767 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
2768 EVP_PKEY_CTX *pctx = NULL;
2769 EVP_PKEY *pkey = NULL;
2770 int ret = 0;
2771
2772 /*
2773 * Setup the parameters for our DSA object. For our purposes they don't
2774 * have to actually be *valid* parameters. We just need to set something.
2775 */
2776 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
2777 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2778 || !TEST_ptr(p = BN_new())
2779 || !TEST_ptr(q = BN_new())
2780 || !TEST_ptr(g = BN_new())
2781 || !TEST_ptr(pub = BN_new())
2782 || !TEST_ptr(priv = BN_new()))
2783 goto err;
2784 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
2785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
2786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
2787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
2788 pub))
2789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
2790 priv)))
2791 goto err;
2792 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2793 goto err;
2794
2795 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2796 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2797 params), 0))
2798 goto err;
2799
2800 if (!TEST_ptr(pkey))
2801 goto err;
2802
2803 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2804
2805 err:
2806 EVP_PKEY_free(pkey);
2807 EVP_PKEY_CTX_free(pctx);
2808 OSSL_PARAM_free(params);
2809 OSSL_PARAM_BLD_free(bld);
2810 BN_free(p);
2811 BN_free(q);
2812 BN_free(g);
2813 BN_free(pub);
2814 BN_free(priv);
2815
2816 return ret;
2817}
2818
2819/*
2820 * Test combinations of private, public, missing and private + public key
2821 * params to ensure they are all accepted
2822 */
2823static int test_DSA_priv_pub(void)
2824{
2825 return test_EVP_PKEY_ffc_priv_pub("DSA");
2826}
2827
2828#endif /* !OPENSSL_NO_DSA */
2829
2830static int test_RSA_get_set_params(void)
2831{
2832 OSSL_PARAM_BLD *bld = NULL;
2833 OSSL_PARAM *params = NULL;
2834 BIGNUM *n = NULL, *e = NULL, *d = NULL;
2835 EVP_PKEY_CTX *pctx = NULL;
2836 EVP_PKEY *pkey = NULL;
2837 int ret = 0;
2838
2839 /*
2840 * Setup the parameters for our RSA object. For our purposes they don't
2841 * have to actually be *valid* parameters. We just need to set something.
2842 */
2843 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
2844 || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
2845 || !TEST_ptr(n = BN_new())
2846 || !TEST_ptr(e = BN_new())
2847 || !TEST_ptr(d = BN_new()))
2848 goto err;
2849 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
2850 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
2851 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
2852 goto err;
2853 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
2854 goto err;
2855
2856 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
2857 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
2858 params), 0))
2859 goto err;
2860
2861 if (!TEST_ptr(pkey))
2862 goto err;
2863
2864 ret = test_EVP_PKEY_CTX_get_set_params(pkey);
2865
2866 err:
2867 EVP_PKEY_free(pkey);
2868 EVP_PKEY_CTX_free(pctx);
2869 OSSL_PARAM_free(params);
2870 OSSL_PARAM_BLD_free(bld);
2871 BN_free(n);
2872 BN_free(e);
2873 BN_free(d);
2874
2875 return ret;
2876}
2877
2878static int test_RSA_OAEP_set_get_params(void)
2879{
2880 int ret = 0;
2881 EVP_PKEY *key = NULL;
2882 EVP_PKEY_CTX *key_ctx = NULL;
2883
2884 if (nullprov != NULL)
2885 return TEST_skip("Test does not support a non-default library context");
2886
2887 if (!TEST_ptr(key = load_example_rsa_key())
2888 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
2889 goto err;
2890
2891 {
2892 int padding = RSA_PKCS1_OAEP_PADDING;
2893 OSSL_PARAM params[4];
2894
2895 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
2896 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2897 OSSL_DIGEST_NAME_SHA2_256, 0);
2898 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2899 OSSL_DIGEST_NAME_SHA1, 0);
2900 params[3] = OSSL_PARAM_construct_end();
2901
2902 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
2903 goto err;
2904 }
2905 {
2906 OSSL_PARAM params[3];
2907 char oaepmd[30] = { '\0' };
2908 char mgf1md[30] = { '\0' };
2909
2910 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
2911 oaepmd, sizeof(oaepmd));
2912 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
2913 mgf1md, sizeof(mgf1md));
2914 params[2] = OSSL_PARAM_construct_end();
2915
2916 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
2917 goto err;
2918
2919 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
2920 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
2921 goto err;
2922 }
2923
2924 ret = 1;
2925
2926 err:
2927 EVP_PKEY_free(key);
2928 EVP_PKEY_CTX_free(key_ctx);
2929
2930 return ret;
2931}
2932
2933/* https://github.com/openssl/openssl/issues/21288 */
2934static int test_RSA_OAEP_set_null_label(void)
2935{
2936 int ret = 0;
2937 EVP_PKEY *key = NULL;
2938 EVP_PKEY_CTX *key_ctx = NULL;
2939
2940 if (!TEST_ptr(key = load_example_rsa_key())
2941 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
2942 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
2943 goto err;
2944
2945 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
2946 goto err;
2947
2948 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
2949 goto err;
2950
2951 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
2952 goto err;
2953
2954 ret = 1;
2955
2956 err:
2957 EVP_PKEY_free(key);
2958 EVP_PKEY_CTX_free(key_ctx);
2959
2960 return ret;
2961}
2962
2963#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2964static int test_decrypt_null_chunks(void)
2965{
2966 EVP_CIPHER_CTX* ctx = NULL;
2967 EVP_CIPHER *cipher = NULL;
2968 const unsigned char key[32] = {
2969 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2970 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2971 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2972 };
2973 unsigned char iv[12] = {
2974 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2975 };
2976 unsigned char msg[] = "It was the best of times, it was the worst of times";
2977 unsigned char ciphertext[80];
2978 unsigned char plaintext[80];
2979 /* We initialise tmp to a non zero value on purpose */
2980 int ctlen, ptlen, tmp = 99;
2981 int ret = 0;
2982 const int enc_offset = 10, dec_offset = 20;
2983
2984 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
2985 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
2986 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
2987 key, iv))
2988 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
2989 enc_offset))
2990 /* Deliberate add a zero length update */
2991 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
2992 0))
2993 || !TEST_int_eq(tmp, 0)
2994 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
2995 msg + enc_offset,
2996 sizeof(msg) - enc_offset))
2997 || !TEST_int_eq(ctlen += tmp, sizeof(msg))
2998 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
2999 || !TEST_int_eq(tmp, 0))
3000 goto err;
3001
3002 /* Deliberately initialise tmp to a non zero value */
3003 tmp = 99;
3004 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
3005 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
3006 dec_offset))
3007 /*
3008 * Deliberately add a zero length update. We also deliberately do
3009 * this at a different offset than for encryption.
3010 */
3011 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
3012 0))
3013 || !TEST_int_eq(tmp, 0)
3014 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
3015 ciphertext + dec_offset,
3016 ctlen - dec_offset))
3017 || !TEST_int_eq(ptlen += tmp, sizeof(msg))
3018 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
3019 || !TEST_int_eq(tmp, 0)
3020 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
3021 goto err;
3022
3023 ret = 1;
3024 err:
3025 EVP_CIPHER_CTX_free(ctx);
3026 EVP_CIPHER_free(cipher);
3027 return ret;
3028}
3029#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3030
3031#ifndef OPENSSL_NO_DH
3032/*
3033 * Test combinations of private, public, missing and private + public key
3034 * params to ensure they are all accepted
3035 */
3036static int test_DH_priv_pub(void)
3037{
3038 return test_EVP_PKEY_ffc_priv_pub("DH");
3039}
3040
3041# ifndef OPENSSL_NO_DEPRECATED_3_0
3042static int test_EVP_PKEY_set1_DH(void)
3043{
3044 DH *x942dh = NULL, *noqdh = NULL;
3045 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
3046 int ret = 0;
3047 BIGNUM *p, *g = NULL;
3048 BIGNUM *pubkey = NULL;
3049 unsigned char pub[2048 / 8];
3050 size_t len = 0;
3051
3052 if (!TEST_ptr(p = BN_new())
3053 || !TEST_ptr(g = BN_new())
3054 || !TEST_ptr(pubkey = BN_new())
3055 || !TEST_true(BN_set_word(p, 9999))
3056 || !TEST_true(BN_set_word(g, 2))
3057 || !TEST_true(BN_set_word(pubkey, 4321))
3058 || !TEST_ptr(noqdh = DH_new())
3059 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
3060 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
3061 || !TEST_ptr(pubkey = BN_new())
3062 || !TEST_true(BN_set_word(pubkey, 4321)))
3063 goto err;
3064 p = g = NULL;
3065
3066 x942dh = DH_get_2048_256();
3067 pkey1 = EVP_PKEY_new();
3068 pkey2 = EVP_PKEY_new();
3069 if (!TEST_ptr(x942dh)
3070 || !TEST_ptr(noqdh)
3071 || !TEST_ptr(pkey1)
3072 || !TEST_ptr(pkey2)
3073 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
3074 goto err;
3075 pubkey = NULL;
3076
3077 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
3078 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
3079 goto err;
3080
3081 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
3082 &pubkey))
3083 || !TEST_ptr(pubkey))
3084 goto err;
3085
3086 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
3087 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
3088 goto err;
3089
3090 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
3091 OSSL_PKEY_PARAM_PUB_KEY,
3092 pub, sizeof(pub), &len))
3093 || !TEST_size_t_ne(len, 0))
3094 goto err;
3095
3096 ret = 1;
3097 err:
3098 BN_free(p);
3099 BN_free(g);
3100 BN_free(pubkey);
3101 EVP_PKEY_free(pkey1);
3102 EVP_PKEY_free(pkey2);
3103 DH_free(x942dh);
3104 DH_free(noqdh);
3105
3106 return ret;
3107}
3108# endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3109#endif /* !OPENSSL_NO_DH */
3110
3111/*
3112 * We test what happens with an empty template. For the sake of this test,
3113 * the template must be ignored, and we know that's the case for RSA keys
3114 * (this might arguably be a misfeature, but that's what we currently do,
3115 * even in provider code, since that's how the legacy RSA implementation
3116 * does things)
3117 */
3118static int test_keygen_with_empty_template(int n)
3119{
3120 EVP_PKEY_CTX *ctx = NULL;
3121 EVP_PKEY *pkey = NULL;
3122 EVP_PKEY *tkey = NULL;
3123 int ret = 0;
3124
3125 if (nullprov != NULL)
3126 return TEST_skip("Test does not support a non-default library context");
3127
3128 switch (n) {
3129 case 0:
3130 /* We do test with no template at all as well */
3131 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
3132 goto err;
3133 break;
3134 case 1:
3135 /* Here we create an empty RSA key that serves as our template */
3136 if (!TEST_ptr(tkey = EVP_PKEY_new())
3137 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
3138 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
3139 goto err;
3140 break;
3141 }
3142
3143 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3144 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
3145 goto err;
3146
3147 ret = 1;
3148 err:
3149 EVP_PKEY_CTX_free(ctx);
3150 EVP_PKEY_free(pkey);
3151 EVP_PKEY_free(tkey);
3152 return ret;
3153}
3154
3155/*
3156 * Test that we fail if we attempt to use an algorithm that is not available
3157 * in the current library context (unless we are using an algorithm that
3158 * should be made available via legacy codepaths).
3159 *
3160 * 0: RSA
3161 * 1: SM2
3162 */
3163static int test_pkey_ctx_fail_without_provider(int tst)
3164{
3165 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
3166 OSSL_PROVIDER *tmpnullprov = NULL;
3167 EVP_PKEY_CTX *pctx = NULL;
3168 const char *keytype = NULL;
3169 int expect_null = 0;
3170 int ret = 0;
3171
3172 if (!TEST_ptr(tmpctx))
3173 goto err;
3174
3175 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
3176 if (!TEST_ptr(tmpnullprov))
3177 goto err;
3178
3179 /*
3180 * We check for certain algos in the null provider.
3181 * If an algo is expected to have a provider keymgmt, constructing an
3182 * EVP_PKEY_CTX is expected to fail (return NULL).
3183 * Otherwise, if it's expected to have legacy support, constructing an
3184 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3185 */
3186 switch (tst) {
3187 case 0:
3188 keytype = "RSA";
3189 expect_null = 1;
3190 break;
3191 case 1:
3192 keytype = "SM2";
3193 expect_null = 1;
3194#ifdef OPENSSL_NO_EC
3195 TEST_info("EC disable, skipping SM2 check...");
3196 goto end;
3197#endif
3198#ifdef OPENSSL_NO_SM2
3199 TEST_info("SM2 disable, skipping SM2 check...");
3200 goto end;
3201#endif
3202 break;
3203 default:
3204 TEST_error("No test for case %d", tst);
3205 goto err;
3206 }
3207
3208 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
3209 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
3210 goto err;
3211
3212#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3213 end:
3214#endif
3215 ret = 1;
3216
3217 err:
3218 EVP_PKEY_CTX_free(pctx);
3219 OSSL_PROVIDER_unload(tmpnullprov);
3220 OSSL_LIB_CTX_free(tmpctx);
3221 return ret;
3222}
3223
3224static int test_rand_agglomeration(void)
3225{
3226 EVP_RAND *rand;
3227 EVP_RAND_CTX *ctx;
3228 OSSL_PARAM params[3], *p = params;
3229 int res;
3230 unsigned int step = 7;
3231 static unsigned char seed[] = "It does not matter how slowly you go "
3232 "as long as you do not stop.";
3233 unsigned char out[sizeof(seed)];
3234
3235 if (!TEST_int_ne(sizeof(seed) % step, 0)
3236 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
3237 return 0;
3238 ctx = EVP_RAND_CTX_new(rand, NULL);
3239 EVP_RAND_free(rand);
3240 if (!TEST_ptr(ctx))
3241 return 0;
3242
3243 memset(out, 0, sizeof(out));
3244 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
3245 seed, sizeof(seed));
3246 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
3247 *p = OSSL_PARAM_construct_end();
3248 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
3249 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
3250 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
3251 EVP_RAND_CTX_free(ctx);
3252 return res;
3253}
3254
3255/*
3256 * Test that we correctly return the original or "running" IV after
3257 * an encryption operation.
3258 * Run multiple times for some different relevant algorithms/modes.
3259 */
3260static int test_evp_iv_aes(int idx)
3261{
3262 int ret = 0;
3263 EVP_CIPHER_CTX *ctx = NULL;
3264 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3265 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3266 unsigned char init_iv[EVP_MAX_IV_LENGTH] =
3267 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3268 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3269 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3270 9, 10, 11, 12, 13, 14, 15, 16 };
3271 unsigned char ciphertext[32], oiv[16], iv[16];
3272 unsigned char *ref_iv;
3273 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3274 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3275
3276 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3277 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3278 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3279 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3280 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3281 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3282 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3283#ifndef OPENSSL_NO_OCB
3284 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3285 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3286#endif
3287 int len = sizeof(ciphertext);
3288 size_t ivlen, ref_len;
3289 const EVP_CIPHER *type = NULL;
3290 int iv_reset = 0;
3291
3292 if (nullprov != NULL && idx < 6)
3293 return TEST_skip("Test does not support a non-default library context");
3294
3295 switch(idx) {
3296 case 0:
3297 type = EVP_aes_128_cbc();
3298 /* FALLTHROUGH */
3299 case 6:
3300 type = (type != NULL) ? type :
3301 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
3302 ref_iv = cbc_state;
3303 ref_len = sizeof(cbc_state);
3304 iv_reset = 1;
3305 break;
3306 case 1:
3307 type = EVP_aes_128_ofb();
3308 /* FALLTHROUGH */
3309 case 7:
3310 type = (type != NULL) ? type :
3311 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
3312 ref_iv = ofb_state;
3313 ref_len = sizeof(ofb_state);
3314 iv_reset = 1;
3315 break;
3316 case 2:
3317 type = EVP_aes_128_cfb();
3318 /* FALLTHROUGH */
3319 case 8:
3320 type = (type != NULL) ? type :
3321 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
3322 ref_iv = cfb_state;
3323 ref_len = sizeof(cfb_state);
3324 iv_reset = 1;
3325 break;
3326 case 3:
3327 type = EVP_aes_128_gcm();
3328 /* FALLTHROUGH */
3329 case 9:
3330 type = (type != NULL) ? type :
3331 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
3332 ref_iv = gcm_state;
3333 ref_len = sizeof(gcm_state);
3334 break;
3335 case 4:
3336 type = EVP_aes_128_ccm();
3337 /* FALLTHROUGH */
3338 case 10:
3339 type = (type != NULL) ? type :
3340 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
3341 ref_iv = ccm_state;
3342 ref_len = sizeof(ccm_state);
3343 break;
3344#ifdef OPENSSL_NO_OCB
3345 case 5:
3346 case 11:
3347 return 1;
3348#else
3349 case 5:
3350 type = EVP_aes_128_ocb();
3351 /* FALLTHROUGH */
3352 case 11:
3353 type = (type != NULL) ? type :
3354 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
3355 ref_iv = ocb_state;
3356 ref_len = sizeof(ocb_state);
3357 break;
3358#endif
3359 default:
3360 return 0;
3361 }
3362
3363 if (!TEST_ptr(type)
3364 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3365 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3366 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3367 (int)sizeof(msg)))
3368 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3369 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3370 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3371 goto err;
3372 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3373 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3374 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3375 goto err;
3376
3377 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3378 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3379 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3380 goto err;
3381 if (iv_reset) {
3382 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3383 goto err;
3384 } else {
3385 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
3386 goto err;
3387 }
3388
3389 ret = 1;
3390err:
3391 EVP_CIPHER_CTX_free(ctx);
3392 if (idx >= 6)
3393 EVP_CIPHER_free((EVP_CIPHER *)type);
3394 return ret;
3395}
3396
3397#ifndef OPENSSL_NO_DES
3398static int test_evp_iv_des(int idx)
3399{
3400 int ret = 0;
3401 EVP_CIPHER_CTX *ctx = NULL;
3402 static const unsigned char key[24] = {
3403 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3404 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3405 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3406 };
3407 static const unsigned char init_iv[8] = {
3408 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3409 };
3410 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3411 9, 10, 11, 12, 13, 14, 15, 16 };
3412 unsigned char ciphertext[32], oiv[8], iv[8];
3413 unsigned const char *ref_iv;
3414 static const unsigned char cbc_state_des[8] = {
3415 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3416 };
3417 static const unsigned char cbc_state_3des[8] = {
3418 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3419 };
3420 static const unsigned char ofb_state_des[8] = {
3421 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3422 };
3423 static const unsigned char ofb_state_3des[8] = {
3424 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3425 };
3426 static const unsigned char cfb_state_des[8] = {
3427 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3428 };
3429 static const unsigned char cfb_state_3des[8] = {
3430 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3431 };
3432 int len = sizeof(ciphertext);
3433 size_t ivlen, ref_len;
3434 EVP_CIPHER *type = NULL;
3435
3436 if (lgcyprov == NULL && idx < 3)
3437 return TEST_skip("Test requires legacy provider to be loaded");
3438
3439 switch(idx) {
3440 case 0:
3441 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
3442 ref_iv = cbc_state_des;
3443 ref_len = sizeof(cbc_state_des);
3444 break;
3445 case 1:
3446 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
3447 ref_iv = ofb_state_des;
3448 ref_len = sizeof(ofb_state_des);
3449 break;
3450 case 2:
3451 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
3452 ref_iv = cfb_state_des;
3453 ref_len = sizeof(cfb_state_des);
3454 break;
3455 case 3:
3456 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
3457 ref_iv = cbc_state_3des;
3458 ref_len = sizeof(cbc_state_3des);
3459 break;
3460 case 4:
3461 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
3462 ref_iv = ofb_state_3des;
3463 ref_len = sizeof(ofb_state_3des);
3464 break;
3465 case 5:
3466 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
3467 ref_iv = cfb_state_3des;
3468 ref_len = sizeof(cfb_state_3des);
3469 break;
3470 default:
3471 return 0;
3472 }
3473
3474 if (!TEST_ptr(type)
3475 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
3476 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
3477 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
3478 (int)sizeof(msg)))
3479 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
3480 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
3481 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
3482 goto err;
3483 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
3484 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
3485 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
3486 goto err;
3487
3488 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
3489 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
3490 goto err;
3491 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
3492 goto err;
3493
3494 ret = 1;
3495err:
3496 EVP_CIPHER_CTX_free(ctx);
3497 EVP_CIPHER_free(type);
3498 return ret;
3499}
3500#endif
3501
3502#ifndef OPENSSL_NO_BF
3503static int test_evp_bf_default_keylen(int idx)
3504{
3505 int ret = 0;
3506 static const char *algos[4] = {
3507 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3508 };
3509 int ivlen[4] = { 0, 8, 8, 8 };
3510 EVP_CIPHER *cipher = NULL;
3511
3512 if (lgcyprov == NULL)
3513 return TEST_skip("Test requires legacy provider to be loaded");
3514
3515 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
3516 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
3517 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
3518 goto err;
3519
3520 ret = 1;
3521err:
3522 EVP_CIPHER_free(cipher);
3523 return ret;
3524}
3525#endif
3526
3527#ifndef OPENSSL_NO_EC
3528static int ecpub_nids[] = {
3529 NID_brainpoolP256r1, NID_X9_62_prime256v1,
3530 NID_secp384r1, NID_secp521r1,
3531# ifndef OPENSSL_NO_EC2M
3532 NID_sect233k1, NID_sect233r1, NID_sect283r1,
3533 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
3534# endif
3535 NID_brainpoolP384r1, NID_brainpoolP512r1
3536};
3537
3538static int test_ecpub(int idx)
3539{
3540 int ret = 0, len, savelen;
3541 int nid;
3542 unsigned char buf[1024];
3543 unsigned char *p;
3544 EVP_PKEY *pkey = NULL;
3545 EVP_PKEY_CTX *ctx = NULL;
3546# ifndef OPENSSL_NO_DEPRECATED_3_0
3547 const unsigned char *q;
3548 EVP_PKEY *pkey2 = NULL;
3549 EC_KEY *ec = NULL;
3550# endif
3551
3552 if (nullprov != NULL)
3553 return TEST_skip("Test does not support a non-default library context");
3554
3555 nid = ecpub_nids[idx];
3556
3557 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
3558 if (!TEST_ptr(ctx)
3559 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3560 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
3561 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
3562 goto done;
3563 len = i2d_PublicKey(pkey, NULL);
3564 savelen = len;
3565 if (!TEST_int_ge(len, 1)
3566 || !TEST_int_lt(len, 1024))
3567 goto done;
3568 p = buf;
3569 len = i2d_PublicKey(pkey, &p);
3570 if (!TEST_int_ge(len, 1)
3571 || !TEST_int_eq(len, savelen))
3572 goto done;
3573
3574# ifndef OPENSSL_NO_DEPRECATED_3_0
3575 /* Now try to decode the just-created DER. */
3576 q = buf;
3577 if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
3578 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
3579 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
3580 goto done;
3581 /* EC_KEY ownership transferred */
3582 ec = NULL;
3583 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
3584 goto done;
3585 /* The keys should match. */
3586 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
3587 goto done;
3588# endif
3589
3590 ret = 1;
3591
3592 done:
3593 EVP_PKEY_CTX_free(ctx);
3594 EVP_PKEY_free(pkey);
3595# ifndef OPENSSL_NO_DEPRECATED_3_0
3596 EVP_PKEY_free(pkey2);
3597 EC_KEY_free(ec);
3598# endif
3599 return ret;
3600}
3601#endif
3602
3603static int test_EVP_rsa_pss_with_keygen_bits(void)
3604{
3605 int ret = 0;
3606 EVP_PKEY_CTX *ctx = NULL;
3607 EVP_PKEY *pkey = NULL;
3608 EVP_MD *md;
3609
3610 md = EVP_MD_fetch(testctx, "sha256", testpropq);
3611 ret = TEST_ptr(md)
3612 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
3613 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
3614 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
3615 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
3616 && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
3617
3618 EVP_MD_free(md);
3619 EVP_PKEY_free(pkey);
3620 EVP_PKEY_CTX_free(ctx);
3621 return ret;
3622}
3623
3624static int test_EVP_rsa_pss_set_saltlen(void)
3625{
3626 int ret = 0;
3627 EVP_PKEY *pkey = NULL;
3628 EVP_PKEY_CTX *pkey_ctx = NULL;
3629 EVP_MD *sha256 = NULL;
3630 EVP_MD_CTX *sha256_ctx = NULL;
3631 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3632 const int test_value = 32;
3633
3634 ret = TEST_ptr(pkey = load_example_rsa_key())
3635 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
3636 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
3637 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
3638 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
3639 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
3640 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
3641 && TEST_int_eq(saltlen, test_value);
3642
3643 EVP_MD_CTX_free(sha256_ctx);
3644 EVP_PKEY_free(pkey);
3645 EVP_MD_free(sha256);
3646
3647 return ret;
3648}
3649
3650static int success = 1;
3651static void md_names(const char *name, void *vctx)
3652{
3653 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
3654 /* Force a namemap update */
3655 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
3656
3657 if (!TEST_ptr(aes128))
3658 success = 0;
3659
3660 EVP_CIPHER_free(aes128);
3661}
3662
3663/*
3664 * Test that changing the namemap in a user callback works in a names_do_all
3665 * function.
3666 */
3667static int test_names_do_all(void)
3668{
3669 /* We use a custom libctx so that we know the state of the namemap */
3670 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
3671 EVP_MD *sha256 = NULL;
3672 int testresult = 0;
3673
3674 if (!TEST_ptr(ctx))
3675 goto err;
3676
3677 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
3678 if (!TEST_ptr(sha256))
3679 goto err;
3680
3681 /*
3682 * We loop through all the names for a given digest. This should still work
3683 * even if the namemap changes part way through.
3684 */
3685 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
3686 goto err;
3687
3688 if (!TEST_true(success))
3689 goto err;
3690
3691 testresult = 1;
3692 err:
3693 EVP_MD_free(sha256);
3694 OSSL_LIB_CTX_free(ctx);
3695 return testresult;
3696}
3697
3698typedef struct {
3699 const char *cipher;
3700 const unsigned char *key;
3701 const unsigned char *iv;
3702 const unsigned char *input;
3703 const unsigned char *expected;
3704 const unsigned char *tag;
3705 size_t ivlen; /* 0 if we do not need to set a specific IV len */
3706 size_t inlen;
3707 size_t expectedlen;
3708 size_t taglen;
3709 int keyfirst;
3710 int initenc;
3711 int finalenc;
3712} EVP_INIT_TEST_st;
3713
3714static const EVP_INIT_TEST_st evp_init_tests[] = {
3715 {
3716 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3717 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3718 0, 1, 0, 1
3719 },
3720 {
3721 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3722 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3723 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3724 sizeof(gcmDefaultTag), 1, 0, 1
3725 },
3726 {
3727 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
3728 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
3729 0, 0, 0, 1
3730 },
3731 {
3732 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
3733 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3734 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
3735 sizeof(gcmDefaultTag), 0, 0, 1
3736 },
3737 {
3738 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3739 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3740 0, 1, 1, 0
3741 },
3742 {
3743 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3744 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3745 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3746 sizeof(gcmDefaultTag), 1, 1, 0
3747 },
3748 {
3749 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
3750 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
3751 0, 0, 1, 0
3752 },
3753 {
3754 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
3755 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
3756 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
3757 sizeof(gcmDefaultTag), 0, 1, 0
3758 }
3759};
3760
3761/* use same key, iv and plaintext for cfb and ofb */
3762static const EVP_INIT_TEST_st evp_reinit_tests[] = {
3763 {
3764 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
3765 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
3766 sizeof(cfbCiphertext_partial), 0, 0, 1, 0
3767 },
3768 {
3769 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial,
3770 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial),
3771 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
3772 },
3773 {
3774 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial,
3775 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial),
3776 sizeof(ofbCiphertext_partial), 0, 0, 1, 0
3777 },
3778 {
3779 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial,
3780 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial),
3781 sizeof(cfbPlaintext_partial), 0, 0, 0, 0
3782 },
3783};
3784
3785static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
3786{
3787 int res = 0;
3788
3789 if (t->ivlen != 0) {
3790 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
3791 goto err;
3792 }
3793 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
3794 goto err;
3795 res = 1;
3796 err:
3797 return res;
3798}
3799
3800/*
3801 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3802 * arguments are given one at a time and a final adjustment to the enc
3803 * parameter sets the correct operation.
3804 */
3805static int test_evp_init_seq(int idx)
3806{
3807 int outlen1, outlen2;
3808 int testresult = 0;
3809 unsigned char outbuf[1024];
3810 unsigned char tag[16];
3811 const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
3812 EVP_CIPHER_CTX *ctx = NULL;
3813 EVP_CIPHER *type = NULL;
3814 size_t taglen = sizeof(tag);
3815 char *errmsg = NULL;
3816
3817 ctx = EVP_CIPHER_CTX_new();
3818 if (ctx == NULL) {
3819 errmsg = "CTX_ALLOC";
3820 goto err;
3821 }
3822 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
3823 errmsg = "CIPHER_FETCH";
3824 goto err;
3825 }
3826 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
3827 errmsg = "EMPTY_ENC_INIT";
3828 goto err;
3829 }
3830 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3831 errmsg = "PADDING";
3832 goto err;
3833 }
3834 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3835 errmsg = "KEY_INIT (before iv)";
3836 goto err;
3837 }
3838 if (!evp_init_seq_set_iv(ctx, t)) {
3839 errmsg = "IV_INIT";
3840 goto err;
3841 }
3842 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
3843 errmsg = "KEY_INIT (after iv)";
3844 goto err;
3845 }
3846 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
3847 errmsg = "FINAL_ENC_INIT";
3848 goto err;
3849 }
3850 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3851 errmsg = "CIPHER_UPDATE";
3852 goto err;
3853 }
3854 if (t->finalenc == 0 && t->tag != NULL) {
3855 /* Set expected tag */
3856 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
3857 t->taglen, (void *)t->tag), 0)) {
3858 errmsg = "SET_TAG";
3859 goto err;
3860 }
3861 }
3862 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3863 errmsg = "CIPHER_FINAL";
3864 goto err;
3865 }
3866 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3867 errmsg = "WRONG_RESULT";
3868 goto err;
3869 }
3870 if (t->finalenc != 0 && t->tag != NULL) {
3871 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
3872 errmsg = "GET_TAG";
3873 goto err;
3874 }
3875 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
3876 errmsg = "TAG_ERROR";
3877 goto err;
3878 }
3879 }
3880 testresult = 1;
3881 err:
3882 if (errmsg != NULL)
3883 TEST_info("evp_init_test %d: %s", idx, errmsg);
3884 EVP_CIPHER_CTX_free(ctx);
3885 EVP_CIPHER_free(type);
3886 return testresult;
3887}
3888
3889/*
3890 * Test re-initialization of cipher context without changing key or iv.
3891 * The result of both iteration should be the same.
3892 */
3893static int test_evp_reinit_seq(int idx)
3894{
3895 int outlen1, outlen2, outlen_final;
3896 int testresult = 0;
3897 unsigned char outbuf1[1024];
3898 unsigned char outbuf2[1024];
3899 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx];
3900 EVP_CIPHER_CTX *ctx = NULL;
3901 EVP_CIPHER *type = NULL;
3902
3903 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
3904 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))
3905 /* setup cipher context */
3906 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL))
3907 /* first iteration */
3908 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen))
3909 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final))
3910 /* check test results iteration 1 */
3911 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final)
3912 /* now re-init the context (same cipher, key and iv) */
3913 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL))
3914 /* second iteration */
3915 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen))
3916 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final))
3917 /* check test results iteration 2 */
3918 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final))
3919 goto err;
3920 testresult = 1;
3921 err:
3922 EVP_CIPHER_CTX_free(ctx);
3923 EVP_CIPHER_free(type);
3924 return testresult;
3925}
3926
3927typedef struct {
3928 const unsigned char *input;
3929 const unsigned char *expected;
3930 size_t inlen;
3931 size_t expectedlen;
3932 int enc;
3933} EVP_RESET_TEST_st;
3934
3935static const EVP_RESET_TEST_st evp_reset_tests[] = {
3936 {
3937 cfbPlaintext, cfbCiphertext,
3938 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
3939 },
3940 {
3941 cfbCiphertext, cfbPlaintext,
3942 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
3943 }
3944};
3945
3946/*
3947 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3948 * been used.
3949 */
3950static int test_evp_reset(int idx)
3951{
3952 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
3953 int outlen1, outlen2;
3954 int testresult = 0;
3955 unsigned char outbuf[1024];
3956 EVP_CIPHER_CTX *ctx = NULL;
3957 EVP_CIPHER *type = NULL;
3958 char *errmsg = NULL;
3959
3960 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
3961 errmsg = "CTX_ALLOC";
3962 goto err;
3963 }
3964 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
3965 errmsg = "CIPHER_FETCH";
3966 goto err;
3967 }
3968 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
3969 errmsg = "CIPHER_INIT";
3970 goto err;
3971 }
3972 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
3973 errmsg = "PADDING";
3974 goto err;
3975 }
3976 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3977 errmsg = "CIPHER_UPDATE";
3978 goto err;
3979 }
3980 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3981 errmsg = "CIPHER_FINAL";
3982 goto err;
3983 }
3984 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
3985 errmsg = "WRONG_RESULT";
3986 goto err;
3987 }
3988 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
3989 errmsg = "CIPHER_REINIT";
3990 goto err;
3991 }
3992 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
3993 errmsg = "CIPHER_UPDATE (reinit)";
3994 goto err;
3995 }
3996 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
3997 errmsg = "CIPHER_FINAL (reinit)";
3998 goto err;
3999 }
4000 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
4001 errmsg = "WRONG_RESULT (reinit)";
4002 goto err;
4003 }
4004 testresult = 1;
4005 err:
4006 if (errmsg != NULL)
4007 TEST_info("test_evp_reset %d: %s", idx, errmsg);
4008 EVP_CIPHER_CTX_free(ctx);
4009 EVP_CIPHER_free(type);
4010 return testresult;
4011}
4012
4013typedef struct {
4014 const char *cipher;
4015 int enc;
4016} EVP_UPDATED_IV_TEST_st;
4017
4018static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
4019 {
4020 "aes-128-cfb", 1
4021 },
4022 {
4023 "aes-128-cfb", 0
4024 },
4025 {
4026 "aes-128-cfb1", 1
4027 },
4028 {
4029 "aes-128-cfb1", 0
4030 },
4031 {
4032 "aes-128-cfb8", 1
4033 },
4034 {
4035 "aes-128-cfb8", 0
4036 },
4037 {
4038 "aes-128-ofb", 1
4039 },
4040 {
4041 "aes-128-ofb", 0
4042 },
4043 {
4044 "aes-128-ctr", 1
4045 },
4046 {
4047 "aes-128-ctr", 0
4048 },
4049 {
4050 "aes-128-cbc", 1
4051 },
4052 {
4053 "aes-128-cbc", 0
4054 }
4055};
4056
4057/*
4058 * Test that the IV in the context is updated during a crypto operation for CFB
4059 * and OFB.
4060 */
4061static int test_evp_updated_iv(int idx)
4062{
4063 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
4064 int outlen1, outlen2;
4065 int testresult = 0;
4066 unsigned char outbuf[1024];
4067 EVP_CIPHER_CTX *ctx = NULL;
4068 EVP_CIPHER *type = NULL;
4069 unsigned char updated_iv[EVP_MAX_IV_LENGTH];
4070 int iv_len;
4071 char *errmsg = NULL;
4072
4073 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4074 errmsg = "CTX_ALLOC";
4075 goto err;
4076 }
4077 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
4078 TEST_info("cipher %s not supported, skipping", t->cipher);
4079 goto ok;
4080 }
4081
4082 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
4083 errmsg = "CIPHER_INIT";
4084 goto err;
4085 }
4086 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
4087 errmsg = "PADDING";
4088 goto err;
4089 }
4090 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
4091 errmsg = "CIPHER_UPDATE";
4092 goto err;
4093 }
4094 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
4095 errmsg = "CIPHER_CTX_GET_UPDATED_IV";
4096 goto err;
4097 }
4098 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
4099 errmsg = "CIPHER_CTX_GET_IV_LEN";
4100 goto err;
4101 }
4102 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
4103 errmsg = "IV_NOT_UPDATED";
4104 goto err;
4105 }
4106 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4107 errmsg = "CIPHER_FINAL";
4108 goto err;
4109 }
4110 ok:
4111 testresult = 1;
4112 err:
4113 if (errmsg != NULL)
4114 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
4115 EVP_CIPHER_CTX_free(ctx);
4116 EVP_CIPHER_free(type);
4117 return testresult;
4118}
4119
4120typedef struct {
4121 const unsigned char *iv1;
4122 const unsigned char *iv2;
4123 const unsigned char *expected1;
4124 const unsigned char *expected2;
4125 const unsigned char *tag1;
4126 const unsigned char *tag2;
4127 size_t ivlen1;
4128 size_t ivlen2;
4129 size_t expectedlen1;
4130 size_t expectedlen2;
4131} TEST_GCM_IV_REINIT_st;
4132
4133static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
4134 {
4135 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
4136 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
4137 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
4138 },
4139 {
4140 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
4141 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
4142 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
4143 }
4144};
4145
4146static int test_gcm_reinit(int idx)
4147{
4148 int outlen1, outlen2, outlen3;
4149 int testresult = 0;
4150 unsigned char outbuf[1024];
4151 unsigned char tag[16];
4152 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
4153 EVP_CIPHER_CTX *ctx = NULL;
4154 EVP_CIPHER *type = NULL;
4155 size_t taglen = sizeof(tag);
4156 char *errmsg = NULL;
4157
4158 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
4159 errmsg = "CTX_ALLOC";
4160 goto err;
4161 }
4162 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
4163 errmsg = "CIPHER_FETCH";
4164 goto err;
4165 }
4166 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
4167 errmsg = "ENC_INIT";
4168 goto err;
4169 }
4170 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
4171 errmsg = "SET_IVLEN1";
4172 goto err;
4173 }
4174 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
4175 errmsg = "SET_IV1";
4176 goto err;
4177 }
4178 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4179 errmsg = "AAD1";
4180 goto err;
4181 }
4182 EVP_CIPHER_CTX_set_padding(ctx, 0);
4183 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4184 sizeof(gcmResetPlaintext)))) {
4185 errmsg = "CIPHER_UPDATE1";
4186 goto err;
4187 }
4188 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4189 errmsg = "CIPHER_FINAL1";
4190 goto err;
4191 }
4192 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
4193 errmsg = "WRONG_RESULT1";
4194 goto err;
4195 }
4196 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4197 errmsg = "GET_TAG1";
4198 goto err;
4199 }
4200 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
4201 errmsg = "TAG_ERROR1";
4202 goto err;
4203 }
4204 /* Now reinit */
4205 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
4206 errmsg = "SET_IVLEN2";
4207 goto err;
4208 }
4209 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
4210 errmsg = "SET_IV2";
4211 goto err;
4212 }
4213 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
4214 errmsg = "AAD2";
4215 goto err;
4216 }
4217 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
4218 sizeof(gcmResetPlaintext)))) {
4219 errmsg = "CIPHER_UPDATE2";
4220 goto err;
4221 }
4222 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
4223 errmsg = "CIPHER_FINAL2";
4224 goto err;
4225 }
4226 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
4227 errmsg = "WRONG_RESULT2";
4228 goto err;
4229 }
4230 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
4231 errmsg = "GET_TAG2";
4232 goto err;
4233 }
4234 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
4235 errmsg = "TAG_ERROR2";
4236 goto err;
4237 }
4238 testresult = 1;
4239 err:
4240 if (errmsg != NULL)
4241 TEST_info("evp_init_test %d: %s", idx, errmsg);
4242 EVP_CIPHER_CTX_free(ctx);
4243 EVP_CIPHER_free(type);
4244 return testresult;
4245}
4246
4247static const char *ivlen_change_ciphers[] = {
4248 "AES-256-GCM",
4249#ifndef OPENSSL_NO_OCB
4250 "AES-256-OCB",
4251#endif
4252 "AES-256-CCM"
4253};
4254
4255/* Negative test for ivlen change after iv being set */
4256static int test_ivlen_change(int idx)
4257{
4258 int outlen;
4259 int res = 0;
4260 unsigned char outbuf[1024];
4261 static const unsigned char iv[] = {
4262 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4263 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4264 };
4265 EVP_CIPHER_CTX *ctx = NULL;
4266 EVP_CIPHER *ciph = NULL;
4267 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4268 size_t ivlen = 13; /* non-default IV length */
4269
4270 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4271 goto err;
4272
4273 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
4274 testpropq)))
4275 goto err;
4276
4277 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
4278 goto err;
4279
4280 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4281 sizeof(gcmDefaultPlaintext))))
4282 goto err;
4283
4284 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
4285 &ivlen);
4286 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4287 goto err;
4288
4289 ERR_set_mark();
4290 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4291 sizeof(gcmDefaultPlaintext)))) {
4292 ERR_clear_last_mark();
4293 goto err;
4294 }
4295 ERR_pop_to_mark();
4296
4297 res = 1;
4298 err:
4299 EVP_CIPHER_CTX_free(ctx);
4300 EVP_CIPHER_free(ciph);
4301 return res;
4302}
4303
4304static const char *keylen_change_ciphers[] = {
4305#ifndef OPENSSL_NO_BF
4306 "BF-ECB",
4307#endif
4308#ifndef OPENSSL_NO_CAST
4309 "CAST5-ECB",
4310#endif
4311#ifndef OPENSSL_NO_RC2
4312 "RC2-ECB",
4313#endif
4314#ifndef OPENSSL_NO_RC4
4315 "RC4",
4316#endif
4317#ifndef OPENSSL_NO_RC5
4318 "RC5-ECB",
4319#endif
4320 NULL
4321};
4322
4323/* Negative test for keylen change after key was set */
4324static int test_keylen_change(int idx)
4325{
4326 int outlen;
4327 int res = 0;
4328 unsigned char outbuf[1024];
4329 static const unsigned char key[] = {
4330 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4331 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4332 };
4333 EVP_CIPHER_CTX *ctx = NULL;
4334 EVP_CIPHER *ciph = NULL;
4335 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
4336 size_t keylen = 12; /* non-default key length */
4337
4338 if (lgcyprov == NULL)
4339 return TEST_skip("Test requires legacy provider to be loaded");
4340
4341 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
4342 goto err;
4343
4344 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
4345 testpropq)))
4346 goto err;
4347
4348 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
4349 goto err;
4350
4351 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4352 sizeof(gcmDefaultPlaintext))))
4353 goto err;
4354
4355 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
4356 &keylen);
4357 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
4358 goto err;
4359
4360 ERR_set_mark();
4361 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
4362 sizeof(gcmDefaultPlaintext)))) {
4363 ERR_clear_last_mark();
4364 goto err;
4365 }
4366 ERR_pop_to_mark();
4367
4368 res = 1;
4369 err:
4370 EVP_CIPHER_CTX_free(ctx);
4371 EVP_CIPHER_free(ciph);
4372 return res;
4373}
4374
4375#ifndef OPENSSL_NO_DEPRECATED_3_0
4376static EVP_PKEY_METHOD *custom_pmeth = NULL;
4377static const EVP_PKEY_METHOD *orig_pmeth = NULL;
4378
4379# define EVP_PKEY_CTRL_MY_COMMAND 9999
4380
4381static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
4382{
4383 int (*pinit)(EVP_PKEY_CTX *ctx);
4384
4385 EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
4386 return pinit(ctx);
4387}
4388
4389static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
4390{
4391 void (*pcleanup)(EVP_PKEY_CTX *ctx);
4392
4393 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
4394 pcleanup(ctx);
4395}
4396
4397static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
4398 size_t *outlen, const unsigned char *in,
4399 size_t inlen)
4400{
4401 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
4402 const unsigned char *tbs, size_t tbslen);
4403
4404 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
4405 return psign(ctx, out, outlen, in, inlen);
4406}
4407
4408static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
4409 size_t *siglen, const unsigned char *tbs,
4410 size_t tbslen)
4411{
4412 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
4413 const unsigned char *tbs, size_t tbslen);
4414
4415 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
4416 return pdigestsign(ctx, sig, siglen, tbs, tbslen);
4417}
4418
4419static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
4420 size_t *keylen)
4421{
4422 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
4423
4424 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
4425 return pderive(ctx, key, keylen);
4426}
4427
4428static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
4429{
4430 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
4431
4432 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
4433 return pcopy(dst, src);
4434}
4435
4436static int ctrl_called;
4437
4438static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
4439{
4440 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
4441
4442 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
4443
4444 if (type == EVP_PKEY_CTRL_MY_COMMAND) {
4445 ctrl_called = 1;
4446 return 1;
4447 }
4448
4449 return pctrl(ctx, type, p1, p2);
4450}
4451
4452static int test_custom_pmeth(int idx)
4453{
4454 EVP_PKEY_CTX *pctx = NULL;
4455 EVP_MD_CTX *ctx = NULL;
4456 EVP_PKEY *pkey = NULL;
4457 int id, orig_id, orig_flags;
4458 int testresult = 0;
4459 size_t reslen;
4460 unsigned char *res = NULL;
4461 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
4462 const EVP_MD *md = EVP_sha256();
4463 int doderive = 0;
4464
4465 ctrl_called = 0;
4466
4467 /* We call deprecated APIs so this test doesn't support a custom libctx */
4468 if (testctx != NULL)
4469 return 1;
4470
4471 switch(idx) {
4472 case 0:
4473 case 6:
4474 id = EVP_PKEY_RSA;
4475 pkey = load_example_rsa_key();
4476 break;
4477 case 1:
4478 case 7:
4479# ifndef OPENSSL_NO_DSA
4480 id = EVP_PKEY_DSA;
4481 pkey = load_example_dsa_key();
4482 break;
4483# else
4484 return 1;
4485# endif
4486 case 2:
4487 case 8:
4488# ifndef OPENSSL_NO_EC
4489 id = EVP_PKEY_EC;
4490 pkey = load_example_ec_key();
4491 break;
4492# else
4493 return 1;
4494# endif
4495 case 3:
4496 case 9:
4497# ifndef OPENSSL_NO_EC
4498 id = EVP_PKEY_ED25519;
4499 md = NULL;
4500 pkey = load_example_ed25519_key();
4501 break;
4502# else
4503 return 1;
4504# endif
4505 case 4:
4506 case 10:
4507# ifndef OPENSSL_NO_DH
4508 id = EVP_PKEY_DH;
4509 doderive = 1;
4510 pkey = load_example_dh_key();
4511 break;
4512# else
4513 return 1;
4514# endif
4515 case 5:
4516 case 11:
4517# ifndef OPENSSL_NO_EC
4518 id = EVP_PKEY_X25519;
4519 doderive = 1;
4520 pkey = load_example_x25519_key();
4521 break;
4522# else
4523 return 1;
4524# endif
4525 default:
4526 TEST_error("Should not happen");
4527 goto err;
4528 }
4529
4530 if (!TEST_ptr(pkey))
4531 goto err;
4532
4533 if (idx < 6) {
4534 if (!TEST_true(evp_pkey_is_provided(pkey)))
4535 goto err;
4536 } else {
4537 EVP_PKEY *tmp = pkey;
4538
4539 /* Convert to a legacy key */
4540 pkey = EVP_PKEY_new();
4541 if (!TEST_ptr(pkey)) {
4542 pkey = tmp;
4543 goto err;
4544 }
4545 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
4546 EVP_PKEY_free(tmp);
4547 goto err;
4548 }
4549 EVP_PKEY_free(tmp);
4550 if (!TEST_true(evp_pkey_is_legacy(pkey)))
4551 goto err;
4552 }
4553
4554 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
4555 || !TEST_ptr(pkey))
4556 goto err;
4557
4558 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
4559 if (!TEST_int_eq(orig_id, id)
4560 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
4561 goto err;
4562
4563 if (id == EVP_PKEY_ED25519) {
4564 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
4565 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
4566 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
4567 } else {
4568 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
4569 }
4570 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
4571 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
4572 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
4573 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
4574 }
4575 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
4576 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
4577 goto err;
4578
4579 if (doderive) {
4580 pctx = EVP_PKEY_CTX_new(pkey, NULL);
4581 if (!TEST_ptr(pctx)
4582 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
4583 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4584 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4585 1)
4586 || !TEST_int_eq(ctrl_called, 1)
4587 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
4588 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
4589 || !TEST_ptr(res = OPENSSL_malloc(reslen))
4590 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
4591 goto err;
4592 } else {
4593 ctx = EVP_MD_CTX_new();
4594 reslen = EVP_PKEY_size(pkey);
4595 res = OPENSSL_malloc(reslen);
4596 if (!TEST_ptr(ctx)
4597 || !TEST_ptr(res)
4598 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
4599 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
4600 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
4601 1)
4602 || !TEST_int_eq(ctrl_called, 1))
4603 goto err;
4604
4605 if (id == EVP_PKEY_ED25519) {
4606 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
4607 goto err;
4608 } else {
4609 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
4610 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
4611 goto err;
4612 }
4613 }
4614
4615 testresult = 1;
4616 err:
4617 OPENSSL_free(res);
4618 EVP_MD_CTX_free(ctx);
4619 if (doderive)
4620 EVP_PKEY_CTX_free(pctx);
4621 EVP_PKEY_free(pkey);
4622 EVP_PKEY_meth_remove(custom_pmeth);
4623 EVP_PKEY_meth_free(custom_pmeth);
4624 custom_pmeth = NULL;
4625 return testresult;
4626}
4627
4628static int test_evp_md_cipher_meth(void)
4629{
4630 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
4631 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4632 int testresult = 0;
4633
4634 if (!TEST_ptr(md) || !TEST_ptr(ciph))
4635 goto err;
4636
4637 testresult = 1;
4638
4639 err:
4640 EVP_MD_meth_free(md);
4641 EVP_CIPHER_meth_free(ciph);
4642
4643 return testresult;
4644}
4645
4646typedef struct {
4647 int data;
4648} custom_dgst_ctx;
4649
4650static int custom_md_init_called = 0;
4651static int custom_md_cleanup_called = 0;
4652
4653static int custom_md_init(EVP_MD_CTX *ctx)
4654{
4655 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4656
4657 if (p == NULL)
4658 return 0;
4659
4660 custom_md_init_called++;
4661 return 1;
4662}
4663
4664static int custom_md_cleanup(EVP_MD_CTX *ctx)
4665{
4666 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
4667
4668 if (p == NULL)
4669 /* Nothing to do */
4670 return 1;
4671
4672 custom_md_cleanup_called++;
4673 return 1;
4674}
4675
4676static int test_custom_md_meth(void)
4677{
4678 EVP_MD_CTX *mdctx = NULL;
4679 EVP_MD *tmp = NULL;
4680 char mess[] = "Test Message\n";
4681 unsigned char md_value[EVP_MAX_MD_SIZE];
4682 unsigned int md_len;
4683 int testresult = 0;
4684 int nid;
4685
4686 /*
4687 * We are testing deprecated functions. We don't support a non-default
4688 * library context in this test.
4689 */
4690 if (testctx != NULL)
4691 return TEST_skip("Non-default libctx");
4692
4693 custom_md_init_called = custom_md_cleanup_called = 0;
4694
4695 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4696 if (!TEST_int_ne(nid, NID_undef))
4697 goto err;
4698 tmp = EVP_MD_meth_new(nid, NID_undef);
4699 if (!TEST_ptr(tmp))
4700 goto err;
4701
4702 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
4703 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
4704 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
4705 sizeof(custom_dgst_ctx))))
4706 goto err;
4707
4708 mdctx = EVP_MD_CTX_new();
4709 if (!TEST_ptr(mdctx)
4710 /*
4711 * Initing our custom md and then initing another md should
4712 * result in the init and cleanup functions of the custom md
4713 * being called.
4714 */
4715 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
4716 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
4717 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
4718 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
4719 || !TEST_int_eq(custom_md_init_called, 1)
4720 || !TEST_int_eq(custom_md_cleanup_called, 1))
4721 goto err;
4722
4723 testresult = 1;
4724 err:
4725 EVP_MD_CTX_free(mdctx);
4726 EVP_MD_meth_free(tmp);
4727 return testresult;
4728}
4729
4730typedef struct {
4731 int data;
4732} custom_ciph_ctx;
4733
4734static int custom_ciph_init_called = 0;
4735static int custom_ciph_cleanup_called = 0;
4736
4737static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
4738 const unsigned char *iv, int enc)
4739{
4740 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4741
4742 if (p == NULL)
4743 return 0;
4744
4745 custom_ciph_init_called++;
4746 return 1;
4747}
4748
4749static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
4750{
4751 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
4752
4753 if (p == NULL)
4754 /* Nothing to do */
4755 return 1;
4756
4757 custom_ciph_cleanup_called++;
4758 return 1;
4759}
4760
4761static int test_custom_ciph_meth(void)
4762{
4763 EVP_CIPHER_CTX *ciphctx = NULL;
4764 EVP_CIPHER *tmp = NULL;
4765 int testresult = 0;
4766 int nid;
4767
4768 /*
4769 * We are testing deprecated functions. We don't support a non-default
4770 * library context in this test.
4771 */
4772 if (testctx != NULL)
4773 return TEST_skip("Non-default libctx");
4774
4775 custom_ciph_init_called = custom_ciph_cleanup_called = 0;
4776
4777 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4778 if (!TEST_int_ne(nid, NID_undef))
4779 goto err;
4780 tmp = EVP_CIPHER_meth_new(nid, 16, 16);
4781 if (!TEST_ptr(tmp))
4782 goto err;
4783
4784 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
4785 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
4786 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
4787 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
4788 sizeof(custom_ciph_ctx))))
4789 goto err;
4790
4791 ciphctx = EVP_CIPHER_CTX_new();
4792 if (!TEST_ptr(ciphctx)
4793 /*
4794 * Initing our custom cipher and then initing another cipher
4795 * should result in the init and cleanup functions of the custom
4796 * cipher being called.
4797 */
4798 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
4799 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
4800 NULL, NULL, 1))
4801 || !TEST_int_eq(custom_ciph_init_called, 1)
4802 || !TEST_int_eq(custom_ciph_cleanup_called, 1))
4803 goto err;
4804
4805 testresult = 1;
4806 err:
4807 EVP_CIPHER_CTX_free(ciphctx);
4808 EVP_CIPHER_meth_free(tmp);
4809 return testresult;
4810}
4811
4812# ifndef OPENSSL_NO_DYNAMIC_ENGINE
4813/* Test we can create a signature keys with an associated ENGINE */
4814static int test_signatures_with_engine(int tst)
4815{
4816 ENGINE *e;
4817 const char *engine_id = "dasync";
4818 EVP_PKEY *pkey = NULL;
4819 const unsigned char badcmackey[] = { 0x00, 0x01 };
4820 const unsigned char cmackey[] = {
4821 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4822 0x0c, 0x0d, 0x0e, 0x0f
4823 };
4824 const unsigned char ed25519key[] = {
4825 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4826 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4827 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4828 };
4829 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4830 int testresult = 0;
4831 EVP_MD_CTX *ctx = NULL;
4832 unsigned char *mac = NULL;
4833 size_t maclen = 0;
4834 int ret;
4835
4836# ifdef OPENSSL_NO_CMAC
4837 /* Skip CMAC tests in a no-cmac build */
4838 if (tst <= 1)
4839 return 1;
4840# endif
4841
4842 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4843 return 0;
4844
4845 if (!TEST_true(ENGINE_init(e))) {
4846 ENGINE_free(e);
4847 return 0;
4848 }
4849
4850 switch (tst) {
4851 case 0:
4852 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
4853 EVP_aes_128_cbc());
4854 break;
4855 case 1:
4856 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
4857 EVP_aes_128_cbc());
4858 break;
4859 case 2:
4860 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
4861 sizeof(ed25519key));
4862 break;
4863 default:
4864 TEST_error("Invalid test case");
4865 goto err;
4866 }
4867 if (!TEST_ptr(pkey))
4868 goto err;
4869
4870 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
4871 goto err;
4872
4873 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
4874 pkey);
4875 if (tst == 0) {
4876 if (!TEST_true(ret))
4877 goto err;
4878
4879 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
4880 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
4881 goto err;
4882
4883 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
4884 goto err;
4885
4886 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
4887 goto err;
4888 } else {
4889 /* We used a bad key. We expect a failure here */
4890 if (!TEST_false(ret))
4891 goto err;
4892 }
4893
4894 testresult = 1;
4895 err:
4896 EVP_MD_CTX_free(ctx);
4897 OPENSSL_free(mac);
4898 EVP_PKEY_free(pkey);
4899 ENGINE_finish(e);
4900 ENGINE_free(e);
4901
4902 return testresult;
4903}
4904
4905static int test_cipher_with_engine(void)
4906{
4907 ENGINE *e;
4908 const char *engine_id = "dasync";
4909 const unsigned char keyiv[] = {
4910 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4911 0x0c, 0x0d, 0x0e, 0x0f
4912 };
4913 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
4914 int testresult = 0;
4915 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
4916 unsigned char buf[AES_BLOCK_SIZE];
4917 int len = 0;
4918
4919 if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
4920 return 0;
4921
4922 if (!TEST_true(ENGINE_init(e))) {
4923 ENGINE_free(e);
4924 return 0;
4925 }
4926
4927 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
4928 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
4929 goto err;
4930
4931 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
4932 goto err;
4933
4934 /* Copy the ctx, and complete the operation with the new ctx */
4935 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
4936 goto err;
4937
4938 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
4939 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
4940 goto err;
4941
4942 testresult = 1;
4943 err:
4944 EVP_CIPHER_CTX_free(ctx);
4945 EVP_CIPHER_CTX_free(ctx2);
4946 ENGINE_finish(e);
4947 ENGINE_free(e);
4948
4949 return testresult;
4950}
4951# endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4952#endif /* OPENSSL_NO_DEPRECATED_3_0 */
4953
4954static int ecxnids[] = {
4955 NID_X25519,
4956 NID_X448,
4957 NID_ED25519,
4958 NID_ED448
4959};
4960
4961/* Test that creating ECX keys with a short private key fails as expected */
4962static int test_ecx_short_keys(int tst)
4963{
4964 unsigned char ecxkeydata = 1;
4965 EVP_PKEY *pkey;
4966
4967
4968 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
4969 NULL, &ecxkeydata, 1);
4970 if (!TEST_ptr_null(pkey)) {
4971 EVP_PKEY_free(pkey);
4972 return 0;
4973 }
4974
4975 return 1;
4976}
4977
4978typedef enum OPTION_choice {
4979 OPT_ERR = -1,
4980 OPT_EOF = 0,
4981 OPT_CONTEXT,
4982 OPT_TEST_ENUM
4983} OPTION_CHOICE;
4984
4985const OPTIONS *test_get_options(void)
4986{
4987 static const OPTIONS options[] = {
4988 OPT_TEST_OPTIONS_DEFAULT_USAGE,
4989 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
4990 { NULL }
4991 };
4992 return options;
4993}
4994
4995#ifndef OPENSSL_NO_EC
4996/* Test that trying to sign with a public key errors out gracefully */
4997static int test_ecx_not_private_key(int tst)
4998{
4999 EVP_PKEY *pkey = NULL;
5000
5001 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
5002 int testresult = 0;
5003 EVP_MD_CTX *ctx = NULL;
5004 unsigned char *mac = NULL;
5005 size_t maclen = 0;
5006 unsigned char *pubkey;
5007 size_t pubkeylen;
5008
5009 switch (keys[tst].type) {
5010 case NID_X25519:
5011 case NID_X448:
5012 return TEST_skip("signing not supported for X25519/X448");
5013 }
5014
5015 /* Check if this algorithm supports public keys */
5016 if (keys[tst].pub == NULL)
5017 return TEST_skip("no public key present");
5018
5019 pubkey = (unsigned char *)keys[tst].pub;
5020 pubkeylen = strlen(keys[tst].pub);
5021
5022 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
5023 NULL, pubkey, pubkeylen);
5024 if (!TEST_ptr(pkey))
5025 goto err;
5026
5027 if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
5028 goto err;
5029
5030 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
5031 goto check_err;
5032
5033 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
5034 goto check_err;
5035
5036 if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
5037 goto err;
5038
5039 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
5040 goto err;
5041
5042 check_err:
5043 /*
5044 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5045 * but we relax the check to allow error also thrown by
5046 * EVP_DigestSignInit and EVP_DigestSign.
5047 */
5048 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
5049 testresult = 1;
5050 ERR_clear_error();
5051 }
5052
5053 err:
5054 EVP_MD_CTX_free(ctx);
5055 OPENSSL_free(mac);
5056 EVP_PKEY_free(pkey);
5057
5058 return testresult;
5059}
5060#endif /* OPENSSL_NO_EC */
5061
5062static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5063 const unsigned char *gcm_iv, size_t gcm_ivlen,
5064 const unsigned char *gcm_pt, size_t gcm_pt_s,
5065 const unsigned char *gcm_aad, size_t gcm_aad_s,
5066 const unsigned char *gcm_ct, size_t gcm_ct_s,
5067 const unsigned char *gcm_tag, size_t gcm_tag_s)
5068{
5069 int ret = 0;
5070 EVP_CIPHER_CTX *ctx;
5071 EVP_CIPHER *cipher = NULL;
5072 int outlen, tmplen;
5073 unsigned char outbuf[1024];
5074 unsigned char outtag[16];
5075 OSSL_PARAM params[2] = {
5076 OSSL_PARAM_END, OSSL_PARAM_END
5077 };
5078
5079 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5080 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
5081 goto err;
5082
5083 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5084 &gcm_ivlen);
5085
5086 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5087 || (gcm_aad != NULL
5088 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
5089 gcm_aad, gcm_aad_s)))
5090 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5091 gcm_pt, gcm_pt_s))
5092 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5093 goto err;
5094
5095 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5096 outtag, sizeof(outtag));
5097
5098 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
5099 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
5100 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
5101 goto err;
5102
5103 ret = 1;
5104err:
5105 EVP_CIPHER_free(cipher);
5106 EVP_CIPHER_CTX_free(ctx);
5107
5108 return ret;
5109}
5110
5111static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
5112 const unsigned char *gcm_iv, size_t gcm_ivlen,
5113 const unsigned char *gcm_pt, size_t gcm_pt_s,
5114 const unsigned char *gcm_aad, size_t gcm_aad_s,
5115 const unsigned char *gcm_ct, size_t gcm_ct_s,
5116 const unsigned char *gcm_tag, size_t gcm_tag_s)
5117{
5118 int ret = 0;
5119 EVP_CIPHER_CTX *ctx;
5120 EVP_CIPHER *cipher = NULL;
5121 int outlen;
5122 unsigned char outbuf[1024];
5123 OSSL_PARAM params[2] = {
5124 OSSL_PARAM_END, OSSL_PARAM_END
5125 };
5126
5127 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5128 goto err;
5129
5130 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
5131 goto err;
5132
5133 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
5134 &gcm_ivlen);
5135
5136 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
5137 || (gcm_aad != NULL
5138 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
5139 gcm_aad, gcm_aad_s)))
5140 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5141 gcm_ct, gcm_ct_s))
5142 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
5143 goto err;
5144
5145 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
5146 (void*)gcm_tag, gcm_tag_s);
5147
5148 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
5149 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
5150 goto err;
5151
5152 ret = 1;
5153err:
5154 EVP_CIPHER_free(cipher);
5155 EVP_CIPHER_CTX_free(ctx);
5156
5157 return ret;
5158}
5159
5160static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5161{
5162 /* AES-GCM test data obtained from NIST public test vectors */
5163 static const unsigned char gcm_key[] = {
5164 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5165 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5166 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5167 };
5168 static const unsigned char gcm_iv[] = {
5169 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5170 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5171 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5172 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5173 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5174 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5175 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5176 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5177 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5178 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5179 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5180 };
5181 static const unsigned char gcm_pt[] = {
5182 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5183 0x4f, 0xe3, 0x6f, 0x81,
5184 };
5185 static const unsigned char gcm_ct[] = {
5186 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5187 0xe2, 0xd0, 0xec, 0xed,
5188 };
5189 static const unsigned char gcm_tag[] = {
5190 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5191 0xdb, 0x99, 0x6c, 0x21,
5192 };
5193
5194 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5195 gcm_pt, sizeof(gcm_pt), NULL, 0,
5196 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
5197 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
5198 gcm_pt, sizeof(gcm_pt), NULL, 0,
5199 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
5200}
5201
5202#ifndef OPENSSL_NO_RC4
5203static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5204 const unsigned char *rc4_pt, size_t rc4_pt_s,
5205 const unsigned char *rc4_ct, size_t rc4_ct_s)
5206{
5207 int ret = 0;
5208 EVP_CIPHER_CTX *ctx;
5209 EVP_CIPHER *cipher = NULL;
5210 int outlen, tmplen;
5211 unsigned char outbuf[1024];
5212 OSSL_PARAM params[2] = {
5213 OSSL_PARAM_END, OSSL_PARAM_END
5214 };
5215
5216 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
5217 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
5218 goto err;
5219
5220 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5221 &rc4_key_s);
5222
5223 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5224 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
5225 rc4_pt, rc4_pt_s))
5226 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
5227 goto err;
5228
5229 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
5230 goto err;
5231
5232 ret = 1;
5233err:
5234 EVP_CIPHER_free(cipher);
5235 EVP_CIPHER_CTX_free(ctx);
5236
5237 return ret;
5238}
5239
5240static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
5241 const unsigned char *rc4_pt, size_t rc4_pt_s,
5242 const unsigned char *rc4_ct, size_t rc4_ct_s)
5243{
5244 int ret = 0;
5245 EVP_CIPHER_CTX *ctx;
5246 EVP_CIPHER *cipher = NULL;
5247 int outlen;
5248 unsigned char outbuf[1024];
5249 OSSL_PARAM params[2] = {
5250 OSSL_PARAM_END, OSSL_PARAM_END
5251 };
5252
5253 if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
5254 goto err;
5255
5256 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
5257 goto err;
5258
5259 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
5260 &rc4_key_s);
5261
5262 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
5263 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
5264 rc4_ct, rc4_ct_s))
5265 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
5266 goto err;
5267
5268 ret = 1;
5269err:
5270 EVP_CIPHER_free(cipher);
5271 EVP_CIPHER_CTX_free(ctx);
5272
5273 return ret;
5274}
5275
5276static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5277{
5278 /* RC4 test data obtained from RFC 6229 */
5279 static const struct {
5280 unsigned char key[5];
5281 unsigned char padding[11];
5282 } rc4_key = {
5283 { /* Five bytes of key material */
5284 0x83, 0x32, 0x22, 0x77, 0x2a,
5285 },
5286 { /* Random padding to 16 bytes */
5287 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5288 }
5289 };
5290 static const unsigned char rc4_pt[] = {
5291 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5292 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5293 };
5294 static const unsigned char rc4_ct[] = {
5295 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5296 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5297 };
5298
5299 if (lgcyprov == NULL)
5300 return TEST_skip("Test requires legacy provider to be loaded");
5301
5302 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
5303 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
5304 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
5305 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
5306}
5307#endif
5308
5309int setup_tests(void)
5310{
5311 OPTION_CHOICE o;
5312
5313 while ((o = opt_next()) != OPT_EOF) {
5314 switch (o) {
5315 case OPT_CONTEXT:
5316 /* Set up an alternate library context */
5317 testctx = OSSL_LIB_CTX_new();
5318 if (!TEST_ptr(testctx))
5319 return 0;
5320#ifdef STATIC_LEGACY
5321 /*
5322 * This test is always statically linked against libcrypto. We must not
5323 * attempt to load legacy.so that might be dynamically linked against
5324 * libcrypto. Instead we use a built-in version of the legacy provider.
5325 */
5326 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init))
5327 return 0;
5328#endif
5329 /* Swap the libctx to test non-default context only */
5330 nullprov = OSSL_PROVIDER_load(NULL, "null");
5331 deflprov = OSSL_PROVIDER_load(testctx, "default");
5332#ifndef OPENSSL_SYS_TANDEM
5333 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
5334#endif
5335 break;
5336 case OPT_TEST_CASES:
5337 break;
5338 default:
5339 return 0;
5340 }
5341 }
5342
5343 ADD_TEST(test_EVP_set_default_properties);
5344 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
5345 ADD_TEST(test_EVP_DigestVerifyInit);
5346#ifndef OPENSSL_NO_SIPHASH
5347 ADD_TEST(test_siphash_digestsign);
5348#endif
5349 ADD_TEST(test_EVP_Digest);
5350 ADD_TEST(test_EVP_md_null);
5351 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
5352#ifndef OPENSSL_NO_DEPRECATED_3_0
5353 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
5354#endif
5355 ADD_ALL_TESTS(test_EVP_Enveloped, 2);
5356 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
5357 ADD_TEST(test_privatekey_to_pkcs8);
5358 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
5359#ifndef OPENSSL_NO_EC
5360 ADD_TEST(test_EVP_PKCS82PKEY);
5361#endif
5362#ifndef OPENSSL_NO_EC
5363 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
5364#endif
5365#if !defined(OPENSSL_NO_SM2)
5366 ADD_TEST(test_EVP_SM2);
5367 ADD_TEST(test_EVP_SM2_verify);
5368#endif
5369 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
5370#ifndef OPENSSL_NO_DEPRECATED_3_0
5371 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
5372 if (!TEST_ptr(custom_pmeth))
5373 return 0;
5374 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
5375 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
5376 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
5377 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
5378 return 0;
5379#endif
5380 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
5381#ifndef OPENSSL_NO_CMAC
5382 ADD_TEST(test_CMAC_keygen);
5383#endif
5384 ADD_TEST(test_HKDF);
5385 ADD_TEST(test_emptyikm_HKDF);
5386#ifndef OPENSSL_NO_EC
5387 ADD_TEST(test_X509_PUBKEY_inplace);
5388 ADD_TEST(test_X509_PUBKEY_dup);
5389 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
5390 OSSL_NELEM(ec_der_pub_keys));
5391#endif
5392#ifndef OPENSSL_NO_DSA
5393 ADD_TEST(test_DSA_get_set_params);
5394 ADD_TEST(test_DSA_priv_pub);
5395#endif
5396 ADD_TEST(test_RSA_get_set_params);
5397 ADD_TEST(test_RSA_OAEP_set_get_params);
5398 ADD_TEST(test_RSA_OAEP_set_null_label);
5399#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5400 ADD_TEST(test_decrypt_null_chunks);
5401#endif
5402#ifndef OPENSSL_NO_DH
5403 ADD_TEST(test_DH_priv_pub);
5404# ifndef OPENSSL_NO_DEPRECATED_3_0
5405 ADD_TEST(test_EVP_PKEY_set1_DH);
5406# endif
5407#endif
5408#ifndef OPENSSL_NO_EC
5409 ADD_TEST(test_EC_priv_pub);
5410# ifndef OPENSSL_NO_DEPRECATED_3_0
5411 ADD_TEST(test_EC_priv_only_legacy);
5412# endif
5413#endif
5414 ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
5415 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
5416
5417 ADD_TEST(test_rand_agglomeration);
5418 ADD_ALL_TESTS(test_evp_iv_aes, 12);
5419#ifndef OPENSSL_NO_DES
5420 ADD_ALL_TESTS(test_evp_iv_des, 6);
5421#endif
5422#ifndef OPENSSL_NO_BF
5423 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
5424#endif
5425 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
5426 ADD_TEST(test_EVP_rsa_pss_set_saltlen);
5427#ifndef OPENSSL_NO_EC
5428 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
5429#endif
5430
5431 ADD_TEST(test_names_do_all);
5432
5433 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
5434 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
5435 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests));
5436 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
5437 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
5438 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
5439 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
5440 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
5441
5442#ifndef OPENSSL_NO_DEPRECATED_3_0
5443 ADD_ALL_TESTS(test_custom_pmeth, 12);
5444 ADD_TEST(test_evp_md_cipher_meth);
5445 ADD_TEST(test_custom_md_meth);
5446 ADD_TEST(test_custom_ciph_meth);
5447
5448# ifndef OPENSSL_NO_DYNAMIC_ENGINE
5449 /* Tests only support the default libctx */
5450 if (testctx == NULL) {
5451# ifndef OPENSSL_NO_EC
5452 ADD_ALL_TESTS(test_signatures_with_engine, 3);
5453# else
5454 ADD_ALL_TESTS(test_signatures_with_engine, 2);
5455# endif
5456 ADD_TEST(test_cipher_with_engine);
5457 }
5458# endif
5459#endif
5460
5461 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
5462
5463#ifndef OPENSSL_NO_EC
5464 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
5465#endif
5466
5467 /* Test cases for CVE-2023-5363 */
5468 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
5469#ifndef OPENSSL_NO_RC4
5470 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
5471#endif
5472
5473 return 1;
5474}
5475
5476void cleanup_tests(void)
5477{
5478 OSSL_PROVIDER_unload(nullprov);
5479 OSSL_PROVIDER_unload(deflprov);
5480#ifndef OPENSSL_SYS_TANDEM
5481 OSSL_PROVIDER_unload(lgcyprov);
5482#endif
5483 OSSL_LIB_CTX_free(testctx);
5484}
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette