1/* 2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* We need to use some deprecated APIs */ 11#define OPENSSL_SUPPRESS_DEPRECATED 12 13#include <stdio.h> 14#include <stdlib.h> 15#include <string.h> 16#include <openssl/bio.h> 17#include <openssl/conf.h> 18#include <openssl/crypto.h> 19#include <openssl/err.h> 20#include <openssl/evp.h> 21#include <openssl/x509.h> 22#include <openssl/pem.h> 23#include <openssl/kdf.h> 24#include <openssl/provider.h> 25#include <openssl/core_names.h> 26#include <openssl/params.h> 27#include <openssl/param_build.h> 28#include <openssl/dsa.h> 29#include <openssl/dh.h> 30#include <openssl/aes.h> 31#include <openssl/decoder.h> 32#include <openssl/rsa.h> 33#include <openssl/engine.h> 34#include <openssl/proverr.h> 35#include "testutil.h" 36#include "internal/nelem.h" 37#include "internal/sizes.h" 38#include "crypto/evp.h" 39 40static OSSL_LIB_CTX *testctx = NULL; 41static char *testpropq = NULL; 42 43static OSSL_PROVIDER *nullprov = NULL; 44static OSSL_PROVIDER *deflprov = NULL; 45static OSSL_PROVIDER *lgcyprov = NULL; 46 47/* 48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 49 * should never use this key anywhere but in an example. 50 */ 51static const unsigned char kExampleRSAKeyDER[] = { 52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 103}; 104 105/* 106* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you 107 * should never use this key anywhere but in an example. 108 */ 109#ifndef OPENSSL_NO_DSA 110static const unsigned char kExampleDSAKeyDER[] = { 111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a, 112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d, 113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f, 114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42, 115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38, 116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e, 117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e, 118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04, 119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4, 120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b, 121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14, 122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e, 123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3, 124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef, 125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f, 126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef, 127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38, 128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f, 129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4, 130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d, 131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86, 132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6, 133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a, 134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19, 135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff, 136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f, 137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0, 138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69, 139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07, 140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9, 141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79, 142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f, 143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c, 144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12, 145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45, 146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8, 147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe, 148 0x40, 0x48 149}; 150#endif 151 152/* 153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 154 * components are not correct. 155 */ 156static const unsigned char kExampleBadRSAKeyDER[] = { 157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 246}; 247 248/* 249 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All 250 * values are 0. 251 */ 252static const unsigned char kExampleBad2RSAKeyDER[] = { 253 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 254 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 255 0x01, 0x00, 0x02, 0x01, 0x00 256}; 257 258static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 259 260static const unsigned char kSignature[] = { 261 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 262 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 263 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 264 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 265 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 266 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 267 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 268 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 269 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 270 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 271 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 272}; 273 274/* 275 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 276 * PrivateKeyInfo. 277 */ 278static const unsigned char kExampleRSAKeyPKCS8[] = { 279 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 280 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 281 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 282 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 283 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 284 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 285 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 286 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 287 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 288 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 289 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 290 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 291 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 292 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 293 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 294 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 295 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 296 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 297 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 298 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 299 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 300 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 301 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 302 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 303 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 304 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 305 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 306 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 307 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 308 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 309 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 310 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 311 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 312 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 313 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 314 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 315 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 316 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 317 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 318 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 319 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 320 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 321 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 322 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 323 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 324 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 325 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 326 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 327 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 328 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 329 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 330 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 331 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 332}; 333 334#ifndef OPENSSL_NO_EC 335/* 336 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 337 * structure. 338 */ 339static const unsigned char kExampleECKeyDER[] = { 340 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 341 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 342 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 343 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 344 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 345 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 346 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 347 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 348 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 349 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 350 0xc1, 351}; 352 353/* 354 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 355 * structure. The private key is equal to the order and will fail to import 356 */ 357static const unsigned char kExampleBadECKeyDER[] = { 358 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 359 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 360 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 361 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 362 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 363 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 364 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 365 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 366 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 367}; 368 369/* prime256v1 */ 370static const unsigned char kExampleECPubKeyDER[] = { 371 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 372 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 373 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 374 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 375 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 376 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 377 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 378 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 379}; 380 381/* 382 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 383 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 384 */ 385static const unsigned char kExampleBadECPubKeyDER[] = { 386 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 387 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 388 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 389 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 390 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 391 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 392 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 393 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 394}; 395 396static const unsigned char pExampleECParamDER[] = { 397 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 398}; 399 400static const unsigned char kExampleED25519KeyDER[] = { 401 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 402 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, 403 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46, 404 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50 405}; 406 407static const unsigned char kExampleED25519PubKeyDER[] = { 408 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 409 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45, 410 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40, 411 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 412}; 413 414# ifndef OPENSSL_NO_DEPRECATED_3_0 415static const unsigned char kExampleX25519KeyDER[] = { 416 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 417 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 418 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 419 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e 420}; 421# endif 422#endif 423 424/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */ 425#ifndef OPENSSL_NO_DEPRECATED_3_0 426# ifndef OPENSSL_NO_DH 427static const unsigned char kExampleDHKeyDER[] = { 428 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 429 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 430 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d, 431 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e, 432 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63, 433 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81, 434 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f, 435 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53, 436 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53, 437 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f, 438 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74, 439 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34, 440 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53, 441 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3, 442 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a, 443 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9, 444 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0, 445 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48, 446 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1, 447 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43, 448 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f, 449 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f, 450 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97, 451 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 452 0x2e, 0x87, 0x2a, 0x0b, 0x7a 453}; 454# endif 455#endif 456 457static const unsigned char kCFBDefaultKey[] = { 458 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 459 0x09, 0xCF, 0x4F, 0x3C 460}; 461 462static const unsigned char kGCMDefaultKey[32] = { 0 }; 463 464static const unsigned char kGCMResetKey[] = { 465 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 466 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 467 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 468}; 469 470static const unsigned char iCFBIV[] = { 471 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 472 0x0C, 0x0D, 0x0E, 0x0F 473}; 474 475static const unsigned char iGCMDefaultIV[12] = { 0 }; 476 477static const unsigned char iGCMResetIV1[] = { 478 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 479}; 480 481static const unsigned char iGCMResetIV2[] = { 482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 483}; 484 485static const unsigned char cfbPlaintext[] = { 486 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 487 0x73, 0x93, 0x17, 0x2A 488}; 489 490static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 491 492static const unsigned char gcmResetPlaintext[] = { 493 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 494 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 495 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 496 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 497 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 498}; 499 500static const unsigned char cfbCiphertext[] = { 501 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 502 0xE8, 0x3C, 0xFB, 0x4A 503}; 504 505static const unsigned char gcmDefaultCiphertext[] = { 506 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 507 0xba, 0xf3, 0x9d, 0x18 508}; 509 510static const unsigned char gcmResetCiphertext1[] = { 511 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 512 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 513 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 514 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 515 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 516}; 517 518static const unsigned char gcmResetCiphertext2[] = { 519 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 520 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 521 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 522 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 523 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 524}; 525 526static const unsigned char gcmAAD[] = { 527 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 528 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 529}; 530 531static const unsigned char gcmDefaultTag[] = { 532 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 533 0xd4, 0x8a, 0xb9, 0x19 534}; 535 536static const unsigned char gcmResetTag1[] = { 537 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 538 0xfe, 0x2e, 0xa8, 0xf2 539}; 540 541static const unsigned char gcmResetTag2[] = { 542 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 543 0xbb, 0x2d, 0x55, 0x1b 544}; 545 546typedef struct APK_DATA_st { 547 const unsigned char *kder; 548 size_t size; 549 const char *keytype; 550 int evptype; 551 int check; 552 int pub_check; 553 int param_check; 554 int type; /* 0 for private, 1 for public, 2 for params */ 555} APK_DATA; 556 557static APK_DATA keydata[] = { 558 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA}, 559 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA}, 560#ifndef OPENSSL_NO_EC 561 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC} 562#endif 563}; 564 565static APK_DATA keycheckdata[] = { 566 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 567 0}, 568 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, 569 0, 1, 1, 0}, 570 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, 571 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0}, 572#ifndef OPENSSL_NO_EC 573 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0}, 574 /* group is also associated in our pub key */ 575 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 576 1, 1}, 577 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 578 2}, 579 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", 580 EVP_PKEY_ED25519, 1, 1, 1, 0}, 581 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", 582 EVP_PKEY_ED25519, 0, 1, 1, 1}, 583#endif 584}; 585 586static EVP_PKEY *load_example_key(const char *keytype, 587 const unsigned char *data, size_t data_len) 588{ 589 const unsigned char **pdata = &data; 590 EVP_PKEY *pkey = NULL; 591 OSSL_DECODER_CTX *dctx = 592 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, 593 testctx, testpropq); 594 595 /* |pkey| will be NULL on error */ 596 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); 597 OSSL_DECODER_CTX_free(dctx); 598 return pkey; 599} 600 601static EVP_PKEY *load_example_rsa_key(void) 602{ 603 return load_example_key("RSA", kExampleRSAKeyDER, 604 sizeof(kExampleRSAKeyDER)); 605} 606 607#ifndef OPENSSL_NO_DSA 608static EVP_PKEY *load_example_dsa_key(void) 609{ 610 return load_example_key("DSA", kExampleDSAKeyDER, 611 sizeof(kExampleDSAKeyDER)); 612} 613#endif 614 615#ifndef OPENSSL_NO_EC 616static EVP_PKEY *load_example_ec_key(void) 617{ 618 return load_example_key("EC", kExampleECKeyDER, 619 sizeof(kExampleECKeyDER)); 620} 621#endif 622 623#ifndef OPENSSL_NO_DEPRECATED_3_0 624# ifndef OPENSSL_NO_DH 625static EVP_PKEY *load_example_dh_key(void) 626{ 627 return load_example_key("DH", kExampleDHKeyDER, 628 sizeof(kExampleDHKeyDER)); 629} 630# endif 631 632# ifndef OPENSSL_NO_EC 633static EVP_PKEY *load_example_ed25519_key(void) 634{ 635 return load_example_key("ED25519", kExampleED25519KeyDER, 636 sizeof(kExampleED25519KeyDER)); 637} 638 639static EVP_PKEY *load_example_x25519_key(void) 640{ 641 return load_example_key("X25519", kExampleX25519KeyDER, 642 sizeof(kExampleX25519KeyDER)); 643} 644# endif 645#endif /* OPENSSL_NO_DEPRECATED_3_0 */ 646 647static EVP_PKEY *load_example_hmac_key(void) 648{ 649 EVP_PKEY *pkey = NULL; 650 unsigned char key[] = { 651 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 652 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 653 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 654 }; 655 656 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC", 657 NULL, key, sizeof(key)); 658 if (!TEST_ptr(pkey)) 659 return NULL; 660 661 return pkey; 662} 663 664static int test_EVP_set_default_properties(void) 665{ 666 OSSL_LIB_CTX *ctx; 667 EVP_MD *md = NULL; 668 int res = 0; 669 670 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) 671 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 672 goto err; 673 EVP_MD_free(md); 674 md = NULL; 675 676 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang")) 677 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) 678 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) 679 goto err; 680 EVP_MD_free(md); 681 md = NULL; 682 683 if (!TEST_true(EVP_set_default_properties(ctx, NULL)) 684 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 685 goto err; 686 res = 1; 687err: 688 EVP_MD_free(md); 689 OSSL_LIB_CTX_free(ctx); 690 return res; 691} 692 693#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 694static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params) 695{ 696 EVP_PKEY_CTX *pctx = NULL; 697 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL; 698 699 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) 700 goto err; 701 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 702 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, 703 params), 0)) 704 goto err; 705 706 if (!TEST_ptr(tmp_pkey)) 707 goto err; 708 709 pkey = tmp_pkey; 710 tmp_pkey = NULL; 711 err: 712 EVP_PKEY_free(tmp_pkey); 713 EVP_PKEY_CTX_free(pctx); 714 return pkey; 715} 716 717static int test_selection(EVP_PKEY *pkey, int selection) 718{ 719 int testresult = 0; 720 int ret; 721 BIO *bio = BIO_new(BIO_s_mem()); 722 723 ret = PEM_write_bio_PUBKEY(bio, pkey); 724 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 725 if (!TEST_true(ret)) 726 goto err; 727 } else { 728 if (!TEST_false(ret)) 729 goto err; 730 } 731 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, 732 testctx, NULL); 733 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 734 if (!TEST_true(ret)) 735 goto err; 736 } else { 737 if (!TEST_false(ret)) 738 goto err; 739 } 740 741 testresult = 1; 742 err: 743 BIO_free(bio); 744 745 return testresult; 746} 747#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */ 748 749/* 750 * Test combinations of private, public, missing and private + public key 751 * params to ensure they are all accepted 752 */ 753#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) 754static int test_EVP_PKEY_ffc_priv_pub(char *keytype) 755{ 756 OSSL_PARAM_BLD *bld = NULL; 757 OSSL_PARAM *params = NULL; 758 EVP_PKEY *just_params = NULL; 759 EVP_PKEY *params_and_priv = NULL; 760 EVP_PKEY *params_and_pub = NULL; 761 EVP_PKEY *params_and_keypair = NULL; 762 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 763 int ret = 0; 764 765 /* 766 * Setup the parameters for our pkey object. For our purposes they don't 767 * have to actually be *valid* parameters. We just need to set something. 768 */ 769 if (!TEST_ptr(p = BN_new()) 770 || !TEST_ptr(q = BN_new()) 771 || !TEST_ptr(g = BN_new()) 772 || !TEST_ptr(pub = BN_new()) 773 || !TEST_ptr(priv = BN_new())) 774 goto err; 775 776 /* Test !priv and !pub */ 777 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 780 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))) 781 goto err; 782 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 783 || !TEST_ptr(just_params = make_key_fromdata(keytype, params))) 784 goto err; 785 786 OSSL_PARAM_free(params); 787 OSSL_PARAM_BLD_free(bld); 788 params = NULL; 789 bld = NULL; 790 791 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 792 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 793 goto err; 794 795 /* Test priv and !pub */ 796 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 800 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 801 priv))) 802 goto err; 803 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 804 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params))) 805 goto err; 806 807 OSSL_PARAM_free(params); 808 OSSL_PARAM_BLD_free(bld); 809 params = NULL; 810 bld = NULL; 811 812 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY) 813 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 814 goto err; 815 816 /* Test !priv and pub */ 817 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 822 pub))) 823 goto err; 824 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 825 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params))) 826 goto err; 827 828 OSSL_PARAM_free(params); 829 OSSL_PARAM_BLD_free(bld); 830 params = NULL; 831 bld = NULL; 832 833 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 834 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 835 goto err; 836 837 /* Test priv and pub */ 838 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 843 pub)) 844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 845 priv))) 846 goto err; 847 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 848 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params))) 849 goto err; 850 851 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 852 goto err; 853 854 ret = 1; 855 err: 856 OSSL_PARAM_free(params); 857 OSSL_PARAM_BLD_free(bld); 858 EVP_PKEY_free(just_params); 859 EVP_PKEY_free(params_and_priv); 860 EVP_PKEY_free(params_and_pub); 861 EVP_PKEY_free(params_and_keypair); 862 BN_free(p); 863 BN_free(q); 864 BN_free(g); 865 BN_free(pub); 866 BN_free(priv); 867 868 return ret; 869} 870#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */ 871 872/* 873 * Test combinations of private, public, missing and private + public key 874 * params to ensure they are all accepted for EC keys 875 */ 876#ifndef OPENSSL_NO_EC 877static unsigned char ec_priv[] = { 878 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23, 879 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5, 880 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16 881}; 882static unsigned char ec_pub[] = { 883 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97, 884 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81, 885 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d, 886 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e, 887 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1, 888 0x08, 0x09, 0xb8, 0xdb, 0x03 889}; 890 891static int test_EC_priv_pub(void) 892{ 893 OSSL_PARAM_BLD *bld = NULL; 894 OSSL_PARAM *params = NULL; 895 EVP_PKEY *just_params = NULL; 896 EVP_PKEY *params_and_priv = NULL; 897 EVP_PKEY *params_and_pub = NULL; 898 EVP_PKEY *params_and_keypair = NULL; 899 BIGNUM *priv = NULL; 900 int ret = 0; 901 unsigned char *encoded = NULL; 902 size_t len = 0; 903 unsigned char buffer[128]; 904 905 /* 906 * Setup the parameters for our pkey object. For our purposes they don't 907 * have to actually be *valid* parameters. We just need to set something. 908 */ 909 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 910 goto err; 911 912 /* Test !priv and !pub */ 913 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 914 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 915 OSSL_PKEY_PARAM_GROUP_NAME, 916 "P-256", 0))) 917 goto err; 918 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 919 || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 920 goto err; 921 922 OSSL_PARAM_free(params); 923 OSSL_PARAM_BLD_free(bld); 924 params = NULL; 925 bld = NULL; 926 927 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 928 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 929 goto err; 930 931 /* Test priv and !pub */ 932 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 933 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 934 OSSL_PKEY_PARAM_GROUP_NAME, 935 "P-256", 0)) 936 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 937 priv))) 938 goto err; 939 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 940 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) 941 goto err; 942 943 OSSL_PARAM_free(params); 944 OSSL_PARAM_BLD_free(bld); 945 params = NULL; 946 bld = NULL; 947 948 /* 949 * We indicate only parameters here, in spite of having built a key that 950 * has a private part, because the PEM_write_bio_PrivateKey_ex call is 951 * expected to fail because it does not support exporting a private EC 952 * key without a corresponding public key 953 */ 954 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 955 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 956 goto err; 957 958 /* Test !priv and pub */ 959 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 960 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 961 OSSL_PKEY_PARAM_GROUP_NAME, 962 "P-256", 0)) 963 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 964 OSSL_PKEY_PARAM_PUB_KEY, 965 ec_pub, sizeof(ec_pub)))) 966 goto err; 967 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 968 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) 969 goto err; 970 971 OSSL_PARAM_free(params); 972 OSSL_PARAM_BLD_free(bld); 973 params = NULL; 974 bld = NULL; 975 976 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 977 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 978 goto err; 979 980 /* Test priv and pub */ 981 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 982 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 983 OSSL_PKEY_PARAM_GROUP_NAME, 984 "P-256", 0)) 985 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 986 OSSL_PKEY_PARAM_PUB_KEY, 987 ec_pub, sizeof(ec_pub))) 988 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 989 priv))) 990 goto err; 991 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 992 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 993 goto err; 994 995 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 996 goto err; 997 998 /* Try key equality */ 999 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) 1000 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), 1001 0) 1002 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), 1003 0) 1004 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), 1005 0) 1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) 1007 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) 1008 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) 1009 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) 1010 goto err; 1011 1012 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ 1013 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) 1014 goto err; 1015 OPENSSL_free(encoded); 1016 encoded = NULL; 1017 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) { 1018 OPENSSL_free(encoded); 1019 encoded = NULL; 1020 goto err; 1021 } 1022 1023 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */ 1024 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1025 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1026 buffer, sizeof(buffer), &len), 1) 1027 || !TEST_int_eq(len, 65)) 1028 goto err; 1029 1030 len = 0; 1031 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1032 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1033 NULL, 0, &len), 1) 1034 || !TEST_int_eq(len, 65)) 1035 goto err; 1036 1037 /* too-short buffer len*/ 1038 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1039 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1040 buffer, 10, &len), 0)) 1041 goto err; 1042 1043 ret = 1; 1044 err: 1045 OSSL_PARAM_free(params); 1046 OSSL_PARAM_BLD_free(bld); 1047 EVP_PKEY_free(just_params); 1048 EVP_PKEY_free(params_and_priv); 1049 EVP_PKEY_free(params_and_pub); 1050 EVP_PKEY_free(params_and_keypair); 1051 BN_free(priv); 1052 1053 return ret; 1054} 1055 1056/* Test that using a legacy EC key with only a private key in it works */ 1057# ifndef OPENSSL_NO_DEPRECATED_3_0 1058static int test_EC_priv_only_legacy(void) 1059{ 1060 BIGNUM *priv = NULL; 1061 int ret = 0; 1062 EC_KEY *eckey = NULL; 1063 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 1064 EVP_MD_CTX *ctx = NULL; 1065 1066 /* Create the low level EC_KEY */ 1067 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1068 goto err; 1069 1070 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1071 if (!TEST_ptr(eckey)) 1072 goto err; 1073 1074 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1075 goto err; 1076 1077 pkey = EVP_PKEY_new(); 1078 if (!TEST_ptr(pkey)) 1079 goto err; 1080 1081 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1082 goto err; 1083 eckey = NULL; 1084 1085 while (dup_pk == NULL) { 1086 ret = 0; 1087 ctx = EVP_MD_CTX_new(); 1088 if (!TEST_ptr(ctx)) 1089 goto err; 1090 1091 /* 1092 * The EVP_DigestSignInit function should create the key on the 1093 * provider side which is sufficient for this test. 1094 */ 1095 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, 1096 testpropq, pkey, NULL))) 1097 goto err; 1098 EVP_MD_CTX_free(ctx); 1099 ctx = NULL; 1100 1101 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) 1102 goto err; 1103 /* EVP_PKEY_eq() returns -2 with missing public keys */ 1104 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2); 1105 EVP_PKEY_free(pkey); 1106 pkey = dup_pk; 1107 if (!ret) 1108 goto err; 1109 } 1110 1111 err: 1112 EVP_MD_CTX_free(ctx); 1113 EVP_PKEY_free(pkey); 1114 EC_KEY_free(eckey); 1115 BN_free(priv); 1116 1117 return ret; 1118} 1119# endif /* OPENSSL_NO_DEPRECATED_3_0 */ 1120#endif /* OPENSSL_NO_EC */ 1121 1122static int test_EVP_PKEY_sign(int tst) 1123{ 1124 int ret = 0; 1125 EVP_PKEY *pkey = NULL; 1126 unsigned char *sig = NULL; 1127 size_t sig_len = 0, shortsig_len = 1; 1128 EVP_PKEY_CTX *ctx = NULL; 1129 unsigned char tbs[] = { 1130 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1131 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1132 }; 1133 1134 if (tst == 0 ) { 1135 if (!TEST_ptr(pkey = load_example_rsa_key())) 1136 goto out; 1137 } else if (tst == 1) { 1138#ifndef OPENSSL_NO_DSA 1139 if (!TEST_ptr(pkey = load_example_dsa_key())) 1140 goto out; 1141#else 1142 ret = 1; 1143 goto out; 1144#endif 1145 } else { 1146#ifndef OPENSSL_NO_EC 1147 if (!TEST_ptr(pkey = load_example_ec_key())) 1148 goto out; 1149#else 1150 ret = 1; 1151 goto out; 1152#endif 1153 } 1154 1155 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1156 if (!TEST_ptr(ctx) 1157 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1158 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1159 sizeof(tbs)), 0)) 1160 goto out; 1161 sig = OPENSSL_malloc(sig_len); 1162 if (!TEST_ptr(sig) 1163 /* Test sending a signature buffer that is too short is rejected */ 1164 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1165 sizeof(tbs)), 0) 1166 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1167 0) 1168 /* Test the signature round-trips */ 1169 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1170 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1171 0)) 1172 goto out; 1173 1174 ret = 1; 1175 out: 1176 EVP_PKEY_CTX_free(ctx); 1177 OPENSSL_free(sig); 1178 EVP_PKEY_free(pkey); 1179 return ret; 1180} 1181 1182/* 1183 * n = 0 => test using legacy cipher 1184 * n = 1 => test using fetched cipher 1185 */ 1186static int test_EVP_Enveloped(int n) 1187{ 1188 int ret = 0; 1189 EVP_CIPHER_CTX *ctx = NULL; 1190 EVP_PKEY *keypair = NULL; 1191 unsigned char *kek = NULL; 1192 unsigned char iv[EVP_MAX_IV_LENGTH]; 1193 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 1194 int len, kek_len, ciphertext_len, plaintext_len; 1195 unsigned char ciphertext[32], plaintext[16]; 1196 EVP_CIPHER *type = NULL; 1197 1198 if (nullprov != NULL) 1199 return TEST_skip("Test does not support a non-default library context"); 1200 1201 if (n == 0) 1202 type = (EVP_CIPHER *)EVP_aes_256_cbc(); 1203 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", 1204 testpropq))) 1205 goto err; 1206 1207 if (!TEST_ptr(keypair = load_example_rsa_key()) 1208 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) 1209 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1210 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 1211 &keypair, 1)) 1212 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 1213 msg, sizeof(msg))) 1214 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 1215 &len))) 1216 goto err; 1217 1218 ciphertext_len += len; 1219 1220 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 1221 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 1222 ciphertext, ciphertext_len)) 1223 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 1224 goto err; 1225 1226 plaintext_len += len; 1227 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 1228 goto err; 1229 1230 ret = 1; 1231err: 1232 if (n != 0) 1233 EVP_CIPHER_free(type); 1234 OPENSSL_free(kek); 1235 EVP_PKEY_free(keypair); 1236 EVP_CIPHER_CTX_free(ctx); 1237 return ret; 1238} 1239 1240/* 1241 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA) 1242 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA) 1243 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC) 1244 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA) 1245 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA) 1246 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC) 1247 * Test 6: Use an MD BIO to do the Update calls instead (RSA) 1248 * Test 7: Use an MD BIO to do the Update calls instead (DSA) 1249 * Test 8: Use an MD BIO to do the Update calls instead (HMAC) 1250 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig) 1251 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig) 1252 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig) 1253 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) 1254 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) 1255 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) 1256 * Test 15-29: Same as above with reinitialization 1257 */ 1258static int test_EVP_DigestSignInit(int tst) 1259{ 1260 int ret = 0; 1261 EVP_PKEY *pkey = NULL; 1262 unsigned char *sig = NULL, *sig2 = NULL; 1263 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1; 1264 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; 1265 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; 1266 BIO *mdbio = NULL, *membio = NULL; 1267 size_t written; 1268 const EVP_MD *md; 1269 EVP_MD *mdexp = NULL; 1270 int reinit = 0; 1271 1272 if (nullprov != NULL) 1273 return TEST_skip("Test does not support a non-default library context"); 1274 1275 if (tst >= 15) { 1276 reinit = 1; 1277 tst -= 15; 1278 } 1279 1280 if (tst >= 6 && tst <= 8) { 1281 membio = BIO_new(BIO_s_mem()); 1282 mdbio = BIO_new(BIO_f_md()); 1283 if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) 1284 goto out; 1285 BIO_push(mdbio, membio); 1286 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) 1287 goto out; 1288 } else { 1289 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) 1290 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) 1291 goto out; 1292 } 1293 1294 if (tst % 3 == 0) { 1295 if (!TEST_ptr(pkey = load_example_rsa_key())) 1296 goto out; 1297 } else if (tst % 3 == 1) { 1298#ifndef OPENSSL_NO_DSA 1299 if (!TEST_ptr(pkey = load_example_dsa_key())) 1300 goto out; 1301#else 1302 ret = 1; 1303 goto out; 1304#endif 1305 } else { 1306 if (!TEST_ptr(pkey = load_example_hmac_key())) 1307 goto out; 1308 } 1309 1310 if (tst >= 3 && tst <= 5) 1311 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL); 1312 else 1313 md = EVP_sha256(); 1314 1315 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) 1316 goto out; 1317 1318 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) 1319 goto out; 1320 1321 if (tst >= 6 && tst <= 8) { 1322 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) 1323 goto out; 1324 } else if (tst < 6) { 1325 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1326 goto out; 1327 } 1328 1329 if (tst >= 9) { 1330 /* Determine the size of the signature. */ 1331 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, 1332 sizeof(kMsg))) 1333 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1334 goto out; 1335 if (tst <= 11) { 1336 /* Test that supply a short sig buffer fails */ 1337 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, 1338 sizeof(kMsg)))) 1339 goto out; 1340 /* 1341 * We end here because once EVP_DigestSign() has failed you should 1342 * not call it again without re-initing the ctx 1343 */ 1344 ret = 1; 1345 goto out; 1346 } 1347 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, 1348 sizeof(kMsg)))) 1349 goto out; 1350 } else { 1351 /* Determine the size of the signature. */ 1352 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1353 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1354 /* 1355 * Trying to create a signature with a deliberately short 1356 * buffer should fail. 1357 */ 1358 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) 1359 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1360 goto out; 1361 } 1362 1363 /* 1364 * Ensure that the signature round-trips (Verification isn't supported for 1365 * HMAC via EVP_DigestVerify*) 1366 */ 1367 if (tst % 3 != 2) { 1368 if (tst >= 6 && tst <= 8) { 1369 if (!TEST_int_gt(BIO_reset(mdbio), 0) 1370 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) 1371 goto out; 1372 } 1373 1374 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, 1375 NULL, pkey))) 1376 goto out; 1377 1378 if (tst >= 6 && tst <= 8) { 1379 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))) 1380 goto out; 1381 } else { 1382 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, 1383 sizeof(kMsg)))) 1384 goto out; 1385 } 1386 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1387 goto out; 1388 1389 /* Multiple calls to EVP_DigestVerifyFinal should work */ 1390 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1391 goto out; 1392 } else { 1393 /* 1394 * For HMAC a doubled call to DigestSignFinal should produce the same 1395 * value as finalization should not happen. 1396 */ 1397 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) 1398 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) 1399 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) 1400 goto out; 1401 1402 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) 1403 goto out; 1404 } 1405 1406 ret = 1; 1407 1408 out: 1409 BIO_free(membio); 1410 BIO_free(mdbio); 1411 EVP_MD_CTX_free(a_md_ctx); 1412 EVP_MD_CTX_free(a_md_ctx_verify); 1413 EVP_PKEY_free(pkey); 1414 OPENSSL_free(sig); 1415 OPENSSL_free(sig2); 1416 EVP_MD_free(mdexp); 1417 1418 return ret; 1419} 1420 1421static int test_EVP_DigestVerifyInit(void) 1422{ 1423 int ret = 0; 1424 EVP_PKEY *pkey = NULL; 1425 EVP_MD_CTX *md_ctx = NULL; 1426 1427 if (nullprov != NULL) 1428 return TEST_skip("Test does not support a non-default library context"); 1429 1430 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1431 || !TEST_ptr(pkey = load_example_rsa_key())) 1432 goto out; 1433 1434 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 1435 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 1436 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 1437 sizeof(kSignature)), 0)) 1438 goto out; 1439 1440 /* test with reinitialization */ 1441 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) 1442 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 1443 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 1444 sizeof(kSignature)), 0)) 1445 goto out; 1446 ret = 1; 1447 1448 out: 1449 EVP_MD_CTX_free(md_ctx); 1450 EVP_PKEY_free(pkey); 1451 return ret; 1452} 1453 1454#ifndef OPENSSL_NO_SIPHASH 1455/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */ 1456static int test_siphash_digestsign(void) 1457{ 1458 unsigned char key[16]; 1459 unsigned char buf[8], digest[8]; 1460 unsigned char expected[8] = { 1461 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2 1462 }; 1463 EVP_PKEY *pkey = NULL; 1464 EVP_MD_CTX *mdctx = NULL; 1465 EVP_PKEY_CTX *ctx = NULL; 1466 int ret = 0; 1467 size_t len = 8; 1468 1469 if (nullprov != NULL) 1470 return TEST_skip("Test does not support a non-default library context"); 1471 1472 memset(buf, 0, 8); 1473 memset(key, 1, 16); 1474 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, 1475 key, 16))) 1476 goto out; 1477 1478 if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) 1479 goto out; 1480 1481 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) 1482 goto out; 1483 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, 1484 EVP_PKEY_CTRL_SET_DIGEST_SIZE, 1485 8, NULL), 1)) 1486 goto out; 1487 /* reinitialize */ 1488 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) 1489 goto out; 1490 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8))) 1491 goto out; 1492 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len))) 1493 goto out; 1494 if (!TEST_mem_eq(digest, len, expected, sizeof(expected))) 1495 goto out; 1496 1497 ret = 1; 1498 out: 1499 EVP_PKEY_free(pkey); 1500 EVP_MD_CTX_free(mdctx); 1501 return ret; 1502} 1503#endif 1504 1505/* 1506 * Test corner cases of EVP_DigestInit/Update/Final API call behavior. 1507 */ 1508static int test_EVP_Digest(void) 1509{ 1510 int ret = 0; 1511 EVP_MD_CTX *md_ctx = NULL; 1512 unsigned char md[EVP_MAX_MD_SIZE]; 1513 EVP_MD *sha256 = NULL; 1514 EVP_MD *shake256 = NULL; 1515 1516 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 1517 goto out; 1518 1519 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)) 1520 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) 1521 goto out; 1522 1523 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 1524 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1525 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) 1526 /* EVP_DigestFinal resets the EVP_MD_CTX. */ 1527 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) 1528 goto out; 1529 1530 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 1531 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1532 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) 1533 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ 1534 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 1535 /* 1536 * EVP_DigestInit_ex with NULL type should work on 1537 * pre-initialized context. 1538 */ 1539 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 1540 goto out; 1541 1542 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)) 1543 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1544 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) 1545 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */ 1546 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 1547 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 1548 goto out; 1549 ret = 1; 1550 1551 out: 1552 EVP_MD_CTX_free(md_ctx); 1553 EVP_MD_free(sha256); 1554 EVP_MD_free(shake256); 1555 return ret; 1556} 1557 1558static int test_EVP_md_null(void) 1559{ 1560 int ret = 0; 1561 EVP_MD_CTX *md_ctx = NULL; 1562 const EVP_MD *md_null = EVP_md_null(); 1563 unsigned char md_value[EVP_MAX_MD_SIZE]; 1564 unsigned int md_len = sizeof(md_value); 1565 1566 if (nullprov != NULL) 1567 return TEST_skip("Test does not support a non-default library context"); 1568 1569 if (!TEST_ptr(md_null) 1570 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())) 1571 goto out; 1572 1573 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL)) 1574 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4)) 1575 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len))) 1576 goto out; 1577 1578 if (!TEST_uint_eq(md_len, 0)) 1579 goto out; 1580 1581 ret = 1; 1582 out: 1583 EVP_MD_CTX_free(md_ctx); 1584 return ret; 1585} 1586 1587static int test_d2i_AutoPrivateKey(int i) 1588{ 1589 int ret = 0; 1590 const unsigned char *p; 1591 EVP_PKEY *pkey = NULL; 1592 const APK_DATA *ak = &keydata[i]; 1593 const unsigned char *input = ak->kder; 1594 size_t input_len = ak->size; 1595 int expected_id = ak->evptype; 1596 1597 p = input; 1598 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 1599 || !TEST_ptr_eq(p, input + input_len) 1600 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 1601 goto done; 1602 1603 ret = 1; 1604 1605 done: 1606 EVP_PKEY_free(pkey); 1607 return ret; 1608} 1609 1610#ifndef OPENSSL_NO_EC 1611 1612static const unsigned char ec_public_sect163k1_validxy[] = { 1613 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1614 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1615 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1616 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 1617 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1618 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 1619}; 1620 1621static const unsigned char ec_public_sect163k1_badx[] = { 1622 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1623 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1624 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1625 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 1626 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1627 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 1628}; 1629 1630static const unsigned char ec_public_sect163k1_bady[] = { 1631 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1632 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1633 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1634 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 1635 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1636 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 1637}; 1638 1639static struct ec_der_pub_keys_st { 1640 const unsigned char *der; 1641 size_t len; 1642 int valid; 1643} ec_der_pub_keys[] = { 1644 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, 1645 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, 1646 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, 1647}; 1648 1649/* 1650 * Tests the range of the decoded EC char2 public point. 1651 * See ec_GF2m_simple_oct2point(). 1652 */ 1653static int test_invalide_ec_char2_pub_range_decode(int id) 1654{ 1655 int ret = 0; 1656 EVP_PKEY *pkey; 1657 1658 pkey = load_example_key("EC", ec_der_pub_keys[id].der, 1659 ec_der_pub_keys[id].len); 1660 1661 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) 1662 || TEST_ptr_null(pkey); 1663 EVP_PKEY_free(pkey); 1664 return ret; 1665} 1666 1667/* Tests loading a bad key in PKCS8 format */ 1668static int test_EVP_PKCS82PKEY(void) 1669{ 1670 int ret = 0; 1671 const unsigned char *derp = kExampleBadECKeyDER; 1672 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 1673 EVP_PKEY *pkey = NULL; 1674 1675 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 1676 sizeof(kExampleBadECKeyDER)))) 1677 goto done; 1678 1679 if (!TEST_ptr_eq(derp, 1680 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 1681 goto done; 1682 1683 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 1684 goto done; 1685 1686 ret = 1; 1687 1688 done: 1689 PKCS8_PRIV_KEY_INFO_free(p8inf); 1690 EVP_PKEY_free(pkey); 1691 1692 return ret; 1693} 1694 1695#endif 1696static int test_EVP_PKCS82PKEY_wrong_tag(void) 1697{ 1698 EVP_PKEY *pkey = NULL; 1699 EVP_PKEY *pkey2 = NULL; 1700 BIO *membio = NULL; 1701 char *membuf = NULL; 1702 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 1703 int ok = 0; 1704 1705 if (testctx != NULL) 1706 /* test not supported with non-default context */ 1707 return 1; 1708 1709 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 1710 || !TEST_ptr(pkey = load_example_rsa_key()) 1711 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 1712 NULL, 0, NULL, NULL), 1713 0) 1714 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) 1715 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) 1716 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) 1717 || !TEST_int_eq(ERR_peek_last_error(), 0)) { 1718 goto done; 1719 } 1720 1721 ok = 1; 1722 done: 1723 EVP_PKEY_free(pkey); 1724 EVP_PKEY_free(pkey2); 1725 PKCS8_PRIV_KEY_INFO_free(p8inf); 1726 BIO_free_all(membio); 1727 return ok; 1728} 1729 1730/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ 1731static int test_privatekey_to_pkcs8(void) 1732{ 1733 EVP_PKEY *pkey = NULL; 1734 BIO *membio = NULL; 1735 char *membuf = NULL; 1736 long membuf_len = 0; 1737 int ok = 0; 1738 1739 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 1740 || !TEST_ptr(pkey = load_example_rsa_key()) 1741 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 1742 NULL, 0, NULL, NULL), 1743 0) 1744 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) 1745 || !TEST_ptr(membuf) 1746 || !TEST_mem_eq(membuf, (size_t)membuf_len, 1747 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) 1748 /* 1749 * We try to write PEM as well, just to see that it doesn't err, but 1750 * assume that the result is correct. 1751 */ 1752 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, 1753 NULL, 0, NULL, NULL), 1754 0)) 1755 goto done; 1756 1757 ok = 1; 1758 done: 1759 EVP_PKEY_free(pkey); 1760 BIO_free_all(membio); 1761 return ok; 1762} 1763 1764#ifndef OPENSSL_NO_EC 1765static const struct { 1766 int encoding; 1767 const char *encoding_name; 1768} ec_encodings[] = { 1769 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, 1770 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } 1771}; 1772 1773static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) 1774{ 1775 const OSSL_PARAM *p; 1776 const char *enc_name = NULL; 1777 int *enc = arg; 1778 size_t i; 1779 1780 *enc = -1; 1781 1782 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, 1783 OSSL_PKEY_PARAM_EC_ENCODING)) 1784 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name))) 1785 return 0; 1786 1787 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { 1788 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { 1789 *enc = ec_encodings[i].encoding; 1790 break; 1791 } 1792 } 1793 1794 return (*enc != -1); 1795} 1796 1797static int test_EC_keygen_with_enc(int idx) 1798{ 1799 EVP_PKEY *params = NULL, *key = NULL; 1800 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL; 1801 int enc; 1802 int ret = 0; 1803 1804 enc = ec_encodings[idx].encoding; 1805 1806 /* Create key parameters */ 1807 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL)) 1808 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) 1809 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0) 1810 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0) 1811 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)) 1812 || !TEST_ptr(params)) 1813 goto done; 1814 1815 /* Create key */ 1816 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL)) 1817 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 1818 || !TEST_true(EVP_PKEY_keygen(kctx, &key)) 1819 || !TEST_ptr(key)) 1820 goto done; 1821 1822 /* Check that the encoding got all the way into the key */ 1823 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL, 1824 ec_export_get_encoding_cb, &enc)) 1825 || !TEST_int_eq(enc, ec_encodings[idx].encoding)) 1826 goto done; 1827 1828 ret = 1; 1829 done: 1830 EVP_PKEY_free(key); 1831 EVP_PKEY_free(params); 1832 EVP_PKEY_CTX_free(kctx); 1833 EVP_PKEY_CTX_free(pctx); 1834 return ret; 1835} 1836#endif 1837 1838#if !defined(OPENSSL_NO_SM2) 1839 1840static int test_EVP_SM2_verify(void) 1841{ 1842 const char *pubkey = 1843 "-----BEGIN PUBLIC KEY-----\n" 1844 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" 1845 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" 1846 "-----END PUBLIC KEY-----\n"; 1847 1848 const char *msg = "message digest"; 1849 const char *id = "ALICE123@YAHOO.COM"; 1850 1851 const uint8_t signature[] = { 1852 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb, 1853 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06, 1854 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36, 1855 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d, 1856 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07, 1857 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24, 1858 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70 1859 }; 1860 1861 int rc = 0; 1862 BIO *bio = NULL; 1863 EVP_PKEY *pkey = NULL; 1864 EVP_MD_CTX *mctx = NULL; 1865 EVP_PKEY_CTX *pctx = NULL; 1866 EVP_MD *sm3 = NULL; 1867 1868 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 1869 if (!TEST_true(bio != NULL)) 1870 goto done; 1871 1872 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq); 1873 if (!TEST_true(pkey != NULL)) 1874 goto done; 1875 1876 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2"))) 1877 goto done; 1878 1879 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 1880 goto done; 1881 1882 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 1883 goto done; 1884 1885 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 1886 1887 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq))) 1888 goto done; 1889 1890 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey))) 1891 goto done; 1892 1893 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0)) 1894 goto done; 1895 1896 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 1897 goto done; 1898 1899 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0)) 1900 goto done; 1901 rc = 1; 1902 1903 done: 1904 BIO_free(bio); 1905 EVP_PKEY_free(pkey); 1906 EVP_PKEY_CTX_free(pctx); 1907 EVP_MD_CTX_free(mctx); 1908 EVP_MD_free(sm3); 1909 return rc; 1910} 1911 1912static int test_EVP_SM2(void) 1913{ 1914 int ret = 0; 1915 EVP_PKEY *pkey = NULL; 1916 EVP_PKEY *pkeyparams = NULL; 1917 EVP_PKEY_CTX *pctx = NULL; 1918 EVP_PKEY_CTX *kctx = NULL; 1919 EVP_PKEY_CTX *sctx = NULL; 1920 size_t sig_len = 0; 1921 unsigned char *sig = NULL; 1922 EVP_MD_CTX *md_ctx = NULL; 1923 EVP_MD_CTX *md_ctx_verify = NULL; 1924 EVP_PKEY_CTX *cctx = NULL; 1925 EVP_MD *check_md = NULL; 1926 1927 uint8_t ciphertext[128]; 1928 size_t ctext_len = sizeof(ciphertext); 1929 1930 uint8_t plaintext[8]; 1931 size_t ptext_len = sizeof(plaintext); 1932 1933 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 1934 1935 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 1936 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 1937 int i; 1938 char mdname[OSSL_MAX_NAME_SIZE]; 1939 1940 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, 1941 "SM2", testpropq))) 1942 goto done; 1943 1944 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 1945 goto done; 1946 1947 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0)) 1948 goto done; 1949 1950 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams))) 1951 goto done; 1952 1953 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, 1954 pkeyparams, testpropq))) 1955 goto done; 1956 1957 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)) 1958 goto done; 1959 1960 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 1961 goto done; 1962 1963 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 1964 goto done; 1965 1966 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 1967 goto done; 1968 1969 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 1970 goto done; 1971 1972 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 1973 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 1974 1975 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq))) 1976 goto done; 1977 1978 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))) 1979 goto done; 1980 1981 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 1982 goto done; 1983 1984 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1985 goto done; 1986 1987 /* Determine the size of the signature. */ 1988 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 1989 goto done; 1990 1991 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1992 goto done; 1993 1994 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1995 goto done; 1996 1997 /* Ensure that the signature round-trips. */ 1998 1999 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2000 pkey))) 2001 goto done; 2002 2003 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2004 goto done; 2005 2006 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2007 goto done; 2008 2009 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2010 goto done; 2011 2012 /* 2013 * Try verify again with non-matching 0 length id but ensure that it can 2014 * be set on the context and overrides the previous value. 2015 */ 2016 2017 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2018 pkey))) 2019 goto done; 2020 2021 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) 2022 goto done; 2023 2024 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2025 goto done; 2026 2027 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2028 goto done; 2029 2030 /* now check encryption/decryption */ 2031 2032 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2033 mdname, sizeof(mdname)); 2034 for (i = 0; i < 2; i++) { 2035 const char *mdnames[] = { 2036#ifndef OPENSSL_NO_SM3 2037 "SM3", 2038#else 2039 NULL, 2040#endif 2041 "SHA2-256" }; 2042 EVP_PKEY_CTX_free(cctx); 2043 2044 if (mdnames[i] == NULL) 2045 continue; 2046 2047 sparams[0] = 2048 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2049 (char *)mdnames[i], 0); 2050 2051 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2052 pkey, testpropq))) 2053 goto done; 2054 2055 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 2056 goto done; 2057 2058 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2059 goto done; 2060 2061 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, 2062 sizeof(kMsg)))) 2063 goto done; 2064 2065 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0)) 2066 goto done; 2067 2068 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2069 goto done; 2070 2071 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, 2072 ctext_len), 0)) 2073 goto done; 2074 2075 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams))) 2076 goto done; 2077 2078 /* 2079 * Test we're still using the digest we think we are. 2080 * Because of aliases, the easiest is to fetch the digest and 2081 * check the name with EVP_MD_is_a(). 2082 */ 2083 EVP_MD_free(check_md); 2084 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq))) 2085 goto done; 2086 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) { 2087 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]); 2088 goto done; 2089 } 2090 2091 if (!TEST_true(ptext_len == sizeof(kMsg))) 2092 goto done; 2093 2094 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 2095 goto done; 2096 } 2097 2098 ret = 1; 2099done: 2100 EVP_PKEY_CTX_free(pctx); 2101 EVP_PKEY_CTX_free(kctx); 2102 EVP_PKEY_CTX_free(sctx); 2103 EVP_PKEY_CTX_free(cctx); 2104 EVP_PKEY_free(pkey); 2105 EVP_PKEY_free(pkeyparams); 2106 EVP_MD_CTX_free(md_ctx); 2107 EVP_MD_CTX_free(md_ctx_verify); 2108 EVP_MD_free(check_md); 2109 OPENSSL_free(sig); 2110 return ret; 2111} 2112 2113#endif 2114 2115static struct keys_st { 2116 int type; 2117 char *priv; 2118 char *pub; 2119} keys[] = { 2120 { 2121 EVP_PKEY_HMAC, "0123456789", NULL 2122 }, 2123 { 2124 EVP_PKEY_HMAC, "", NULL 2125#ifndef OPENSSL_NO_POLY1305 2126 }, { 2127 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL 2128#endif 2129#ifndef OPENSSL_NO_SIPHASH 2130 }, { 2131 EVP_PKEY_SIPHASH, "0123456789012345", NULL 2132#endif 2133 }, 2134#ifndef OPENSSL_NO_EC 2135 { 2136 EVP_PKEY_X25519, "01234567890123456789012345678901", 2137 "abcdefghijklmnopqrstuvwxyzabcdef" 2138 }, { 2139 EVP_PKEY_ED25519, "01234567890123456789012345678901", 2140 "abcdefghijklmnopqrstuvwxyzabcdef" 2141 }, { 2142 EVP_PKEY_X448, 2143 "01234567890123456789012345678901234567890123456789012345", 2144 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" 2145 }, { 2146 EVP_PKEY_ED448, 2147 "012345678901234567890123456789012345678901234567890123456", 2148 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" 2149 } 2150#endif 2151}; 2152 2153static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx) 2154{ 2155 int ret = 0; 2156 unsigned char buf[80]; 2157 unsigned char *in; 2158 size_t inlen, len = 0, shortlen = 1; 2159 EVP_PKEY *pkey; 2160 2161 /* Check if this algorithm supports public keys */ 2162 if (pub && keys[tst].pub == NULL) 2163 return 1; 2164 2165 memset(buf, 0, sizeof(buf)); 2166 2167 if (pub) { 2168#ifndef OPENSSL_NO_EC 2169 inlen = strlen(keys[tst].pub); 2170 in = (unsigned char *)keys[tst].pub; 2171 if (uselibctx) { 2172 pkey = EVP_PKEY_new_raw_public_key_ex( 2173 testctx, 2174 OBJ_nid2sn(keys[tst].type), 2175 NULL, 2176 in, 2177 inlen); 2178 } else { 2179 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 2180 NULL, 2181 in, 2182 inlen); 2183 } 2184#else 2185 return 1; 2186#endif 2187 } else { 2188 inlen = strlen(keys[tst].priv); 2189 in = (unsigned char *)keys[tst].priv; 2190 if (uselibctx) { 2191 pkey = EVP_PKEY_new_raw_private_key_ex( 2192 testctx, OBJ_nid2sn(keys[tst].type), 2193 NULL, 2194 in, 2195 inlen); 2196 } else { 2197 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 2198 NULL, 2199 in, 2200 inlen); 2201 } 2202 } 2203 2204 if (!TEST_ptr(pkey) 2205 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) 2206 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 2207 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 2208 || !TEST_true(len == inlen)) 2209 goto done; 2210 if (tst != 1) { 2211 /* 2212 * Test that supplying a buffer that is too small fails. Doesn't apply 2213 * to HMAC with a zero length key 2214 */ 2215 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf, 2216 &shortlen))) 2217 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf, 2218 &shortlen)))) 2219 goto done; 2220 } 2221 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 2222 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 2223 || !TEST_mem_eq(in, inlen, buf, len)) 2224 goto done; 2225 2226 ret = 1; 2227 done: 2228 EVP_PKEY_free(pkey); 2229 return ret; 2230} 2231 2232static int test_set_get_raw_keys(int tst) 2233{ 2234 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0)) 2235 && test_set_get_raw_keys_int(tst, 0, 1) 2236 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) 2237 && test_set_get_raw_keys_int(tst, 1, 1); 2238} 2239 2240#ifndef OPENSSL_NO_DEPRECATED_3_0 2241static int pkey_custom_check(EVP_PKEY *pkey) 2242{ 2243 return 0xbeef; 2244} 2245 2246static int pkey_custom_pub_check(EVP_PKEY *pkey) 2247{ 2248 return 0xbeef; 2249} 2250 2251static int pkey_custom_param_check(EVP_PKEY *pkey) 2252{ 2253 return 0xbeef; 2254} 2255 2256static EVP_PKEY_METHOD *custom_pmeth; 2257#endif 2258 2259static int test_EVP_PKEY_check(int i) 2260{ 2261 int ret = 0; 2262 EVP_PKEY *pkey = NULL; 2263 EVP_PKEY_CTX *ctx = NULL; 2264#ifndef OPENSSL_NO_DEPRECATED_3_0 2265 EVP_PKEY_CTX *ctx2 = NULL; 2266#endif 2267 const APK_DATA *ak = &keycheckdata[i]; 2268 const unsigned char *input = ak->kder; 2269 size_t input_len = ak->size; 2270 int expected_id = ak->evptype; 2271 int expected_check = ak->check; 2272 int expected_pub_check = ak->pub_check; 2273 int expected_param_check = ak->param_check; 2274 int type = ak->type; 2275 2276 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len))) 2277 goto done; 2278 if (type == 0 2279 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 2280 goto done; 2281 2282 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2283 goto done; 2284 2285 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 2286 goto done; 2287 2288 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 2289 goto done; 2290 2291 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 2292 goto done; 2293 2294#ifndef OPENSSL_NO_DEPRECATED_3_0 2295 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 2296 /* assign the pkey directly, as an internal test */ 2297 EVP_PKEY_up_ref(pkey); 2298 ctx2->pkey = pkey; 2299 2300 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 2301 goto done; 2302 2303 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 2304 goto done; 2305 2306 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 2307 goto done; 2308#endif 2309 2310 ret = 1; 2311 2312 done: 2313 EVP_PKEY_CTX_free(ctx); 2314#ifndef OPENSSL_NO_DEPRECATED_3_0 2315 EVP_PKEY_CTX_free(ctx2); 2316#endif 2317 EVP_PKEY_free(pkey); 2318 return ret; 2319} 2320 2321#ifndef OPENSSL_NO_CMAC 2322static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac) 2323{ 2324 EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); 2325 const char msg[] = "Hello World"; 2326 size_t maclen = AES_BLOCK_SIZE; 2327 int ret = 1; 2328 2329 if (!TEST_ptr(mdctx) 2330 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, 2331 testpropq, pkey, NULL)) 2332 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) 2333 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) 2334 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) 2335 ret = 0; 2336 2337 EVP_MD_CTX_free(mdctx); 2338 2339 return ret; 2340} 2341static int test_CMAC_keygen(void) 2342{ 2343 static unsigned char key[] = { 2344 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 2345 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 2346 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 2347 }; 2348 EVP_PKEY_CTX *kctx = NULL; 2349 int ret = 0; 2350 EVP_PKEY *pkey = NULL; 2351 unsigned char mac[AES_BLOCK_SIZE]; 2352# if !defined(OPENSSL_NO_DEPRECATED_3_0) 2353 unsigned char mac2[AES_BLOCK_SIZE]; 2354# endif 2355 2356 if (nullprov != NULL) 2357 return TEST_skip("Test does not support a non-default library context"); 2358 2359 /* 2360 * This is a legacy method for CMACs, but should still work. 2361 * This verifies that it works without an ENGINE. 2362 */ 2363 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL); 2364 2365 /* Test a CMAC key created using the "generated" method */ 2366 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 2367 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 2368 EVP_PKEY_CTRL_CIPHER, 2369 0, (void *)EVP_aes_256_ecb()), 0) 2370 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 2371 EVP_PKEY_CTRL_SET_MAC_KEY, 2372 sizeof(key), (void *)key), 0) 2373 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) 2374 || !TEST_ptr(pkey) 2375 || !TEST_true(get_cmac_val(pkey, mac))) 2376 goto done; 2377 2378# if !defined(OPENSSL_NO_DEPRECATED_3_0) 2379 EVP_PKEY_free(pkey); 2380 2381 /* 2382 * Test a CMAC key using the direct method, and compare with the mac 2383 * created above. 2384 */ 2385 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb()); 2386 if (!TEST_ptr(pkey) 2387 || !TEST_true(get_cmac_val(pkey, mac2)) 2388 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) 2389 goto done; 2390# endif 2391 2392 ret = 1; 2393 2394 done: 2395 EVP_PKEY_free(pkey); 2396 EVP_PKEY_CTX_free(kctx); 2397 return ret; 2398} 2399#endif 2400 2401static int test_HKDF(void) 2402{ 2403 EVP_PKEY_CTX *pctx; 2404 unsigned char out[20]; 2405 size_t outlen; 2406 int i, ret = 0; 2407 unsigned char salt[] = "0123456789"; 2408 unsigned char key[] = "012345678901234567890123456789"; 2409 unsigned char info[] = "infostring"; 2410 const unsigned char expected[] = { 2411 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 2412 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 2413 }; 2414 size_t expectedlen = sizeof(expected); 2415 2416 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 2417 goto done; 2418 2419 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 2420 for (i = 0; i < 2; i++) { 2421 outlen = sizeof(out); 2422 memset(out, 0, outlen); 2423 2424 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 2425 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 2426 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 2427 sizeof(salt) - 1), 0) 2428 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 2429 sizeof(key) - 1), 0) 2430 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 2431 sizeof(info) - 1), 0) 2432 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 2433 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 2434 goto done; 2435 } 2436 2437 ret = 1; 2438 2439 done: 2440 EVP_PKEY_CTX_free(pctx); 2441 2442 return ret; 2443} 2444 2445static int test_emptyikm_HKDF(void) 2446{ 2447 EVP_PKEY_CTX *pctx; 2448 unsigned char out[20]; 2449 size_t outlen; 2450 int ret = 0; 2451 unsigned char salt[] = "9876543210"; 2452 unsigned char key[] = ""; 2453 unsigned char info[] = "stringinfo"; 2454 const unsigned char expected[] = { 2455 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, 2456 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 2457 }; 2458 size_t expectedlen = sizeof(expected); 2459 2460 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 2461 goto done; 2462 2463 outlen = sizeof(out); 2464 memset(out, 0, outlen); 2465 2466 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 2467 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 2468 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 2469 sizeof(salt) - 1), 0) 2470 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 2471 sizeof(key) - 1), 0) 2472 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 2473 sizeof(info) - 1), 0) 2474 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 2475 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 2476 goto done; 2477 2478 ret = 1; 2479 2480 done: 2481 EVP_PKEY_CTX_free(pctx); 2482 2483 return ret; 2484} 2485 2486#ifndef OPENSSL_NO_EC 2487static int test_X509_PUBKEY_inplace(void) 2488{ 2489 int ret = 0; 2490 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq); 2491 const unsigned char *p = kExampleECPubKeyDER; 2492 size_t input_len = sizeof(kExampleECPubKeyDER); 2493 2494 if (!TEST_ptr(xp)) 2495 goto done; 2496 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))) 2497 goto done; 2498 2499 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 2500 goto done; 2501 2502 p = kExampleBadECPubKeyDER; 2503 input_len = sizeof(kExampleBadECPubKeyDER); 2504 2505 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 2506 goto done; 2507 2508 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 2509 goto done; 2510 2511 ret = 1; 2512 2513 done: 2514 X509_PUBKEY_free(xp); 2515 return ret; 2516} 2517 2518static int test_X509_PUBKEY_dup(void) 2519{ 2520 int ret = 0; 2521 X509_PUBKEY *xp = NULL, *xq = NULL; 2522 const unsigned char *p = kExampleECPubKeyDER; 2523 size_t input_len = sizeof(kExampleECPubKeyDER); 2524 2525 xp = X509_PUBKEY_new_ex(testctx, testpropq); 2526 if (!TEST_ptr(xp) 2527 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) 2528 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) 2529 || !TEST_ptr_ne(xp, xq)) 2530 goto done; 2531 2532 if (!TEST_ptr(X509_PUBKEY_get0(xq)) 2533 || !TEST_ptr(X509_PUBKEY_get0(xp)) 2534 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) 2535 goto done; 2536 2537 X509_PUBKEY_free(xq); 2538 xq = NULL; 2539 p = kExampleBadECPubKeyDER; 2540 input_len = sizeof(kExampleBadECPubKeyDER); 2541 2542 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)) 2543 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) 2544 goto done; 2545 2546 X509_PUBKEY_free(xp); 2547 xp = NULL; 2548 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL)) 2549 goto done; 2550 2551 ret = 1; 2552 2553 done: 2554 X509_PUBKEY_free(xp); 2555 X509_PUBKEY_free(xq); 2556 return ret; 2557} 2558#endif /* OPENSSL_NO_EC */ 2559 2560/* Test getting and setting parameters on an EVP_PKEY_CTX */ 2561static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey) 2562{ 2563 EVP_MD_CTX *mdctx = NULL; 2564 EVP_PKEY_CTX *ctx = NULL; 2565 const OSSL_PARAM *params; 2566 OSSL_PARAM ourparams[2], *param = ourparams, *param_md; 2567 int ret = 0; 2568 const EVP_MD *md; 2569 char mdname[OSSL_MAX_NAME_SIZE]; 2570 char ssl3ms[48]; 2571 2572 /* Initialise a sign operation */ 2573 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq); 2574 if (!TEST_ptr(ctx) 2575 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) 2576 goto err; 2577 2578 /* 2579 * We should be able to query the parameters now. 2580 */ 2581 params = EVP_PKEY_CTX_settable_params(ctx); 2582 if (!TEST_ptr(params) 2583 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2584 OSSL_SIGNATURE_PARAM_DIGEST))) 2585 goto err; 2586 2587 params = EVP_PKEY_CTX_gettable_params(ctx); 2588 if (!TEST_ptr(params) 2589 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2590 OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) 2591 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2592 OSSL_SIGNATURE_PARAM_DIGEST))) 2593 goto err; 2594 2595 /* 2596 * Test getting and setting params via EVP_PKEY_CTX_set_params() and 2597 * EVP_PKEY_CTX_get_params() 2598 */ 2599 strcpy(mdname, "SHA512"); 2600 param_md = param; 2601 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 2602 mdname, 0); 2603 *param++ = OSSL_PARAM_construct_end(); 2604 2605 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) 2606 goto err; 2607 2608 mdname[0] = '\0'; 2609 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 2610 mdname, sizeof(mdname)); 2611 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) 2612 || !TEST_str_eq(mdname, "SHA512")) 2613 goto err; 2614 2615 /* 2616 * Test the TEST_PKEY_CTX_set_signature_md() and 2617 * TEST_PKEY_CTX_get_signature_md() functions 2618 */ 2619 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) 2620 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) 2621 || !TEST_ptr_eq(md, EVP_sha256())) 2622 goto err; 2623 2624 /* 2625 * Test getting MD parameters via an associated EVP_PKEY_CTX 2626 */ 2627 mdctx = EVP_MD_CTX_new(); 2628 if (!TEST_ptr(mdctx) 2629 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq, 2630 pkey, NULL))) 2631 goto err; 2632 2633 /* 2634 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be 2635 * able to obtain the digest's settable parameters from the provider. 2636 */ 2637 params = EVP_MD_CTX_settable_params(mdctx); 2638 if (!TEST_ptr(params) 2639 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) 2640 /* The final key should be NULL */ 2641 || !TEST_ptr_null(params[1].key)) 2642 goto err; 2643 2644 param = ourparams; 2645 memset(ssl3ms, 0, sizeof(ssl3ms)); 2646 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, 2647 ssl3ms, sizeof(ssl3ms)); 2648 *param++ = OSSL_PARAM_construct_end(); 2649 2650 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) 2651 goto err; 2652 2653 ret = 1; 2654 2655 err: 2656 EVP_MD_CTX_free(mdctx); 2657 EVP_PKEY_CTX_free(ctx); 2658 2659 return ret; 2660} 2661 2662#ifndef OPENSSL_NO_DSA 2663static int test_DSA_get_set_params(void) 2664{ 2665 OSSL_PARAM_BLD *bld = NULL; 2666 OSSL_PARAM *params = NULL; 2667 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 2668 EVP_PKEY_CTX *pctx = NULL; 2669 EVP_PKEY *pkey = NULL; 2670 int ret = 0; 2671 2672 /* 2673 * Setup the parameters for our DSA object. For our purposes they don't 2674 * have to actually be *valid* parameters. We just need to set something. 2675 */ 2676 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL)) 2677 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 2678 || !TEST_ptr(p = BN_new()) 2679 || !TEST_ptr(q = BN_new()) 2680 || !TEST_ptr(g = BN_new()) 2681 || !TEST_ptr(pub = BN_new()) 2682 || !TEST_ptr(priv = BN_new())) 2683 goto err; 2684 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 2685 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 2686 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 2687 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 2688 pub)) 2689 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 2690 priv))) 2691 goto err; 2692 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 2693 goto err; 2694 2695 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 2696 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 2697 params), 0)) 2698 goto err; 2699 2700 if (!TEST_ptr(pkey)) 2701 goto err; 2702 2703 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 2704 2705 err: 2706 EVP_PKEY_free(pkey); 2707 EVP_PKEY_CTX_free(pctx); 2708 OSSL_PARAM_free(params); 2709 OSSL_PARAM_BLD_free(bld); 2710 BN_free(p); 2711 BN_free(q); 2712 BN_free(g); 2713 BN_free(pub); 2714 BN_free(priv); 2715 2716 return ret; 2717} 2718 2719/* 2720 * Test combinations of private, public, missing and private + public key 2721 * params to ensure they are all accepted 2722 */ 2723static int test_DSA_priv_pub(void) 2724{ 2725 return test_EVP_PKEY_ffc_priv_pub("DSA"); 2726} 2727 2728#endif /* !OPENSSL_NO_DSA */ 2729 2730static int test_RSA_get_set_params(void) 2731{ 2732 OSSL_PARAM_BLD *bld = NULL; 2733 OSSL_PARAM *params = NULL; 2734 BIGNUM *n = NULL, *e = NULL, *d = NULL; 2735 EVP_PKEY_CTX *pctx = NULL; 2736 EVP_PKEY *pkey = NULL; 2737 int ret = 0; 2738 2739 /* 2740 * Setup the parameters for our RSA object. For our purposes they don't 2741 * have to actually be *valid* parameters. We just need to set something. 2742 */ 2743 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL)) 2744 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 2745 || !TEST_ptr(n = BN_new()) 2746 || !TEST_ptr(e = BN_new()) 2747 || !TEST_ptr(d = BN_new())) 2748 goto err; 2749 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) 2750 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) 2751 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))) 2752 goto err; 2753 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 2754 goto err; 2755 2756 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 2757 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 2758 params), 0)) 2759 goto err; 2760 2761 if (!TEST_ptr(pkey)) 2762 goto err; 2763 2764 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 2765 2766 err: 2767 EVP_PKEY_free(pkey); 2768 EVP_PKEY_CTX_free(pctx); 2769 OSSL_PARAM_free(params); 2770 OSSL_PARAM_BLD_free(bld); 2771 BN_free(n); 2772 BN_free(e); 2773 BN_free(d); 2774 2775 return ret; 2776} 2777 2778static int test_RSA_OAEP_set_get_params(void) 2779{ 2780 int ret = 0; 2781 EVP_PKEY *key = NULL; 2782 EVP_PKEY_CTX *key_ctx = NULL; 2783 2784 if (nullprov != NULL) 2785 return TEST_skip("Test does not support a non-default library context"); 2786 2787 if (!TEST_ptr(key = load_example_rsa_key()) 2788 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0))) 2789 goto err; 2790 2791 { 2792 int padding = RSA_PKCS1_OAEP_PADDING; 2793 OSSL_PARAM params[4]; 2794 2795 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); 2796 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 2797 OSSL_DIGEST_NAME_SHA2_256, 0); 2798 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 2799 OSSL_DIGEST_NAME_SHA1, 0); 2800 params[3] = OSSL_PARAM_construct_end(); 2801 2802 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0)) 2803 goto err; 2804 } 2805 { 2806 OSSL_PARAM params[3]; 2807 char oaepmd[30] = { '\0' }; 2808 char mgf1md[30] = { '\0' }; 2809 2810 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 2811 oaepmd, sizeof(oaepmd)); 2812 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 2813 mgf1md, sizeof(mgf1md)); 2814 params[2] = OSSL_PARAM_construct_end(); 2815 2816 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) 2817 goto err; 2818 2819 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256) 2820 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1)) 2821 goto err; 2822 } 2823 2824 ret = 1; 2825 2826 err: 2827 EVP_PKEY_free(key); 2828 EVP_PKEY_CTX_free(key_ctx); 2829 2830 return ret; 2831} 2832 2833#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 2834static int test_decrypt_null_chunks(void) 2835{ 2836 EVP_CIPHER_CTX* ctx = NULL; 2837 EVP_CIPHER *cipher = NULL; 2838 const unsigned char key[32] = { 2839 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 2840 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 2841 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 2842 }; 2843 unsigned char iv[12] = { 2844 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 2845 }; 2846 unsigned char msg[] = "It was the best of times, it was the worst of times"; 2847 unsigned char ciphertext[80]; 2848 unsigned char plaintext[80]; 2849 /* We initialise tmp to a non zero value on purpose */ 2850 int ctlen, ptlen, tmp = 99; 2851 int ret = 0; 2852 const int enc_offset = 10, dec_offset = 20; 2853 2854 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) 2855 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 2856 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, 2857 key, iv)) 2858 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 2859 enc_offset)) 2860 /* Deliberate add a zero length update */ 2861 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 2862 0)) 2863 || !TEST_int_eq(tmp, 0) 2864 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 2865 msg + enc_offset, 2866 sizeof(msg) - enc_offset)) 2867 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 2868 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 2869 || !TEST_int_eq(tmp, 0)) 2870 goto err; 2871 2872 /* Deliberately initialise tmp to a non zero value */ 2873 tmp = 99; 2874 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) 2875 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 2876 dec_offset)) 2877 /* 2878 * Deliberately add a zero length update. We also deliberately do 2879 * this at a different offset than for encryption. 2880 */ 2881 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 2882 0)) 2883 || !TEST_int_eq(tmp, 0) 2884 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 2885 ciphertext + dec_offset, 2886 ctlen - dec_offset)) 2887 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 2888 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 2889 || !TEST_int_eq(tmp, 0) 2890 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 2891 goto err; 2892 2893 ret = 1; 2894 err: 2895 EVP_CIPHER_CTX_free(ctx); 2896 EVP_CIPHER_free(cipher); 2897 return ret; 2898} 2899#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 2900 2901#ifndef OPENSSL_NO_DH 2902/* 2903 * Test combinations of private, public, missing and private + public key 2904 * params to ensure they are all accepted 2905 */ 2906static int test_DH_priv_pub(void) 2907{ 2908 return test_EVP_PKEY_ffc_priv_pub("DH"); 2909} 2910 2911# ifndef OPENSSL_NO_DEPRECATED_3_0 2912static int test_EVP_PKEY_set1_DH(void) 2913{ 2914 DH *x942dh = NULL, *noqdh = NULL; 2915 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; 2916 int ret = 0; 2917 BIGNUM *p, *g = NULL; 2918 BIGNUM *pubkey = NULL; 2919 unsigned char pub[2048 / 8]; 2920 size_t len = 0; 2921 2922 if (!TEST_ptr(p = BN_new()) 2923 || !TEST_ptr(g = BN_new()) 2924 || !TEST_ptr(pubkey = BN_new()) 2925 || !TEST_true(BN_set_word(p, 9999)) 2926 || !TEST_true(BN_set_word(g, 2)) 2927 || !TEST_true(BN_set_word(pubkey, 4321)) 2928 || !TEST_ptr(noqdh = DH_new()) 2929 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) 2930 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) 2931 || !TEST_ptr(pubkey = BN_new()) 2932 || !TEST_true(BN_set_word(pubkey, 4321))) 2933 goto err; 2934 p = g = NULL; 2935 2936 x942dh = DH_get_2048_256(); 2937 pkey1 = EVP_PKEY_new(); 2938 pkey2 = EVP_PKEY_new(); 2939 if (!TEST_ptr(x942dh) 2940 || !TEST_ptr(noqdh) 2941 || !TEST_ptr(pkey1) 2942 || !TEST_ptr(pkey2) 2943 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) 2944 goto err; 2945 pubkey = NULL; 2946 2947 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 2948 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) 2949 goto err; 2950 2951 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, 2952 &pubkey)) 2953 || !TEST_ptr(pubkey)) 2954 goto err; 2955 2956 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) 2957 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) 2958 goto err; 2959 2960 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, 2961 OSSL_PKEY_PARAM_PUB_KEY, 2962 pub, sizeof(pub), &len)) 2963 || !TEST_size_t_ne(len, 0)) 2964 goto err; 2965 2966 ret = 1; 2967 err: 2968 BN_free(p); 2969 BN_free(g); 2970 BN_free(pubkey); 2971 EVP_PKEY_free(pkey1); 2972 EVP_PKEY_free(pkey2); 2973 DH_free(x942dh); 2974 DH_free(noqdh); 2975 2976 return ret; 2977} 2978# endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 2979#endif /* !OPENSSL_NO_DH */ 2980 2981/* 2982 * We test what happens with an empty template. For the sake of this test, 2983 * the template must be ignored, and we know that's the case for RSA keys 2984 * (this might arguably be a misfeature, but that's what we currently do, 2985 * even in provider code, since that's how the legacy RSA implementation 2986 * does things) 2987 */ 2988static int test_keygen_with_empty_template(int n) 2989{ 2990 EVP_PKEY_CTX *ctx = NULL; 2991 EVP_PKEY *pkey = NULL; 2992 EVP_PKEY *tkey = NULL; 2993 int ret = 0; 2994 2995 if (nullprov != NULL) 2996 return TEST_skip("Test does not support a non-default library context"); 2997 2998 switch (n) { 2999 case 0: 3000 /* We do test with no template at all as well */ 3001 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) 3002 goto err; 3003 break; 3004 case 1: 3005 /* Here we create an empty RSA key that serves as our template */ 3006 if (!TEST_ptr(tkey = EVP_PKEY_new()) 3007 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA)) 3008 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL))) 3009 goto err; 3010 break; 3011 } 3012 3013 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3014 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) 3015 goto err; 3016 3017 ret = 1; 3018 err: 3019 EVP_PKEY_CTX_free(ctx); 3020 EVP_PKEY_free(pkey); 3021 EVP_PKEY_free(tkey); 3022 return ret; 3023} 3024 3025/* 3026 * Test that we fail if we attempt to use an algorithm that is not available 3027 * in the current library context (unless we are using an algorithm that 3028 * should be made available via legacy codepaths). 3029 * 3030 * 0: RSA 3031 * 1: SM2 3032 */ 3033static int test_pkey_ctx_fail_without_provider(int tst) 3034{ 3035 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new(); 3036 OSSL_PROVIDER *tmpnullprov = NULL; 3037 EVP_PKEY_CTX *pctx = NULL; 3038 const char *keytype = NULL; 3039 int expect_null = 0; 3040 int ret = 0; 3041 3042 if (!TEST_ptr(tmpctx)) 3043 goto err; 3044 3045 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null"); 3046 if (!TEST_ptr(tmpnullprov)) 3047 goto err; 3048 3049 /* 3050 * We check for certain algos in the null provider. 3051 * If an algo is expected to have a provider keymgmt, contructing an 3052 * EVP_PKEY_CTX is expected to fail (return NULL). 3053 * Otherwise, if it's expected to have legacy support, contructing an 3054 * EVP_PKEY_CTX is expected to succeed (return non-NULL). 3055 */ 3056 switch (tst) { 3057 case 0: 3058 keytype = "RSA"; 3059 expect_null = 1; 3060 break; 3061 case 1: 3062 keytype = "SM2"; 3063 expect_null = 1; 3064#ifdef OPENSSL_NO_EC 3065 TEST_info("EC disable, skipping SM2 check..."); 3066 goto end; 3067#endif 3068#ifdef OPENSSL_NO_SM2 3069 TEST_info("SM2 disable, skipping SM2 check..."); 3070 goto end; 3071#endif 3072 break; 3073 default: 3074 TEST_error("No test for case %d", tst); 3075 goto err; 3076 } 3077 3078 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); 3079 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx)) 3080 goto err; 3081 3082#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) 3083 end: 3084#endif 3085 ret = 1; 3086 3087 err: 3088 EVP_PKEY_CTX_free(pctx); 3089 OSSL_PROVIDER_unload(tmpnullprov); 3090 OSSL_LIB_CTX_free(tmpctx); 3091 return ret; 3092} 3093 3094static int test_rand_agglomeration(void) 3095{ 3096 EVP_RAND *rand; 3097 EVP_RAND_CTX *ctx; 3098 OSSL_PARAM params[3], *p = params; 3099 int res; 3100 unsigned int step = 7; 3101 static unsigned char seed[] = "It does not matter how slowly you go " 3102 "as long as you do not stop."; 3103 unsigned char out[sizeof(seed)]; 3104 3105 if (!TEST_int_ne(sizeof(seed) % step, 0) 3106 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) 3107 return 0; 3108 ctx = EVP_RAND_CTX_new(rand, NULL); 3109 EVP_RAND_free(rand); 3110 if (!TEST_ptr(ctx)) 3111 return 0; 3112 3113 memset(out, 0, sizeof(out)); 3114 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 3115 seed, sizeof(seed)); 3116 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); 3117 *p = OSSL_PARAM_construct_end(); 3118 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) 3119 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) 3120 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); 3121 EVP_RAND_CTX_free(ctx); 3122 return res; 3123} 3124 3125/* 3126 * Test that we correctly return the original or "running" IV after 3127 * an encryption operation. 3128 * Run multiple times for some different relevant algorithms/modes. 3129 */ 3130static int test_evp_iv_aes(int idx) 3131{ 3132 int ret = 0; 3133 EVP_CIPHER_CTX *ctx = NULL; 3134 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, 3135 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57}; 3136 unsigned char init_iv[EVP_MAX_IV_LENGTH] = 3137 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 3138 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34}; 3139 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8, 3140 9, 10, 11, 12, 13, 14, 15, 16 }; 3141 unsigned char ciphertext[32], oiv[16], iv[16]; 3142 unsigned char *ref_iv; 3143 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, 3144 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e}; 3145 3146 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, 3147 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd}; 3148 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, 3149 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed}; 3150 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 3151 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81}; 3152 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98}; 3153#ifndef OPENSSL_NO_OCB 3154 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 3155 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81}; 3156#endif 3157 int len = sizeof(ciphertext); 3158 size_t ivlen, ref_len; 3159 const EVP_CIPHER *type = NULL; 3160 int iv_reset = 0; 3161 3162 if (nullprov != NULL && idx < 6) 3163 return TEST_skip("Test does not support a non-default library context"); 3164 3165 switch(idx) { 3166 case 0: 3167 type = EVP_aes_128_cbc(); 3168 /* FALLTHROUGH */ 3169 case 6: 3170 type = (type != NULL) ? type : 3171 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); 3172 ref_iv = cbc_state; 3173 ref_len = sizeof(cbc_state); 3174 iv_reset = 1; 3175 break; 3176 case 1: 3177 type = EVP_aes_128_ofb(); 3178 /* FALLTHROUGH */ 3179 case 7: 3180 type = (type != NULL) ? type : 3181 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); 3182 ref_iv = ofb_state; 3183 ref_len = sizeof(ofb_state); 3184 iv_reset = 1; 3185 break; 3186 case 2: 3187 type = EVP_aes_128_cfb(); 3188 /* FALLTHROUGH */ 3189 case 8: 3190 type = (type != NULL) ? type : 3191 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); 3192 ref_iv = cfb_state; 3193 ref_len = sizeof(cfb_state); 3194 iv_reset = 1; 3195 break; 3196 case 3: 3197 type = EVP_aes_128_gcm(); 3198 /* FALLTHROUGH */ 3199 case 9: 3200 type = (type != NULL) ? type : 3201 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); 3202 ref_iv = gcm_state; 3203 ref_len = sizeof(gcm_state); 3204 break; 3205 case 4: 3206 type = EVP_aes_128_ccm(); 3207 /* FALLTHROUGH */ 3208 case 10: 3209 type = (type != NULL) ? type : 3210 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); 3211 ref_iv = ccm_state; 3212 ref_len = sizeof(ccm_state); 3213 break; 3214#ifdef OPENSSL_NO_OCB 3215 case 5: 3216 case 11: 3217 return 1; 3218#else 3219 case 5: 3220 type = EVP_aes_128_ocb(); 3221 /* FALLTHROUGH */ 3222 case 11: 3223 type = (type != NULL) ? type : 3224 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); 3225 ref_iv = ocb_state; 3226 ref_len = sizeof(ocb_state); 3227 break; 3228#endif 3229 default: 3230 return 0; 3231 } 3232 3233 if (!TEST_ptr(type) 3234 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 3235 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 3236 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 3237 (int)sizeof(msg))) 3238 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 3239 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 3240 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 3241 goto err; 3242 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 3243 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 3244 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 3245 goto err; 3246 3247 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */ 3248 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 3249 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 3250 goto err; 3251 if (iv_reset) { 3252 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 3253 goto err; 3254 } else { 3255 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen)) 3256 goto err; 3257 } 3258 3259 ret = 1; 3260err: 3261 EVP_CIPHER_CTX_free(ctx); 3262 if (idx >= 6) 3263 EVP_CIPHER_free((EVP_CIPHER *)type); 3264 return ret; 3265} 3266 3267#ifndef OPENSSL_NO_DES 3268static int test_evp_iv_des(int idx) 3269{ 3270 int ret = 0; 3271 EVP_CIPHER_CTX *ctx = NULL; 3272 static const unsigned char key[24] = { 3273 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 3274 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86, 3275 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 3276 }; 3277 static const unsigned char init_iv[8] = { 3278 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 3279 }; 3280 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8, 3281 9, 10, 11, 12, 13, 14, 15, 16 }; 3282 unsigned char ciphertext[32], oiv[8], iv[8]; 3283 unsigned const char *ref_iv; 3284 static const unsigned char cbc_state_des[8] = { 3285 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a 3286 }; 3287 static const unsigned char cbc_state_3des[8] = { 3288 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9 3289 }; 3290 static const unsigned char ofb_state_des[8] = { 3291 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c 3292 }; 3293 static const unsigned char ofb_state_3des[8] = { 3294 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e 3295 }; 3296 static const unsigned char cfb_state_des[8] = { 3297 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73 3298 }; 3299 static const unsigned char cfb_state_3des[8] = { 3300 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7 3301 }; 3302 int len = sizeof(ciphertext); 3303 size_t ivlen, ref_len; 3304 EVP_CIPHER *type = NULL; 3305 3306 if (lgcyprov == NULL && idx < 3) 3307 return TEST_skip("Test requires legacy provider to be loaded"); 3308 3309 switch(idx) { 3310 case 0: 3311 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq); 3312 ref_iv = cbc_state_des; 3313 ref_len = sizeof(cbc_state_des); 3314 break; 3315 case 1: 3316 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq); 3317 ref_iv = ofb_state_des; 3318 ref_len = sizeof(ofb_state_des); 3319 break; 3320 case 2: 3321 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq); 3322 ref_iv = cfb_state_des; 3323 ref_len = sizeof(cfb_state_des); 3324 break; 3325 case 3: 3326 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq); 3327 ref_iv = cbc_state_3des; 3328 ref_len = sizeof(cbc_state_3des); 3329 break; 3330 case 4: 3331 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq); 3332 ref_iv = ofb_state_3des; 3333 ref_len = sizeof(ofb_state_3des); 3334 break; 3335 case 5: 3336 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq); 3337 ref_iv = cfb_state_3des; 3338 ref_len = sizeof(cfb_state_3des); 3339 break; 3340 default: 3341 return 0; 3342 } 3343 3344 if (!TEST_ptr(type) 3345 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 3346 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 3347 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 3348 (int)sizeof(msg))) 3349 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 3350 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 3351 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 3352 goto err; 3353 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 3354 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 3355 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 3356 goto err; 3357 3358 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 3359 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 3360 goto err; 3361 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 3362 goto err; 3363 3364 ret = 1; 3365err: 3366 EVP_CIPHER_CTX_free(ctx); 3367 EVP_CIPHER_free(type); 3368 return ret; 3369} 3370#endif 3371 3372#ifndef OPENSSL_NO_BF 3373static int test_evp_bf_default_keylen(int idx) 3374{ 3375 int ret = 0; 3376 static const char *algos[4] = { 3377 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb" 3378 }; 3379 int ivlen[4] = { 0, 8, 8, 8 }; 3380 EVP_CIPHER *cipher = NULL; 3381 3382 if (lgcyprov == NULL) 3383 return TEST_skip("Test requires legacy provider to be loaded"); 3384 3385 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq)) 3386 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) 3387 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) 3388 goto err; 3389 3390 ret = 1; 3391err: 3392 EVP_CIPHER_free(cipher); 3393 return ret; 3394} 3395#endif 3396 3397#ifndef OPENSSL_NO_EC 3398static int ecpub_nids[] = { 3399 NID_brainpoolP256r1, NID_X9_62_prime256v1, 3400 NID_secp384r1, NID_secp521r1, 3401# ifndef OPENSSL_NO_EC2M 3402 NID_sect233k1, NID_sect233r1, NID_sect283r1, 3403 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, 3404# endif 3405 NID_brainpoolP384r1, NID_brainpoolP512r1 3406}; 3407 3408static int test_ecpub(int idx) 3409{ 3410 int ret = 0, len, savelen; 3411 int nid; 3412 unsigned char buf[1024]; 3413 unsigned char *p; 3414 EVP_PKEY *pkey = NULL; 3415 EVP_PKEY_CTX *ctx = NULL; 3416# ifndef OPENSSL_NO_DEPRECATED_3_0 3417 const unsigned char *q; 3418 EVP_PKEY *pkey2 = NULL; 3419 EC_KEY *ec = NULL; 3420# endif 3421 3422 if (nullprov != NULL) 3423 return TEST_skip("Test does not support a non-default library context"); 3424 3425 nid = ecpub_nids[idx]; 3426 3427 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 3428 if (!TEST_ptr(ctx) 3429 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3430 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0) 3431 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey))) 3432 goto done; 3433 len = i2d_PublicKey(pkey, NULL); 3434 savelen = len; 3435 if (!TEST_int_ge(len, 1) 3436 || !TEST_int_lt(len, 1024)) 3437 goto done; 3438 p = buf; 3439 len = i2d_PublicKey(pkey, &p); 3440 if (!TEST_int_ge(len, 1) 3441 || !TEST_int_eq(len, savelen)) 3442 goto done; 3443 3444# ifndef OPENSSL_NO_DEPRECATED_3_0 3445 /* Now try to decode the just-created DER. */ 3446 q = buf; 3447 if (!TEST_ptr((pkey2 = EVP_PKEY_new())) 3448 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) 3449 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) 3450 goto done; 3451 /* EC_KEY ownership transferred */ 3452 ec = NULL; 3453 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen))) 3454 goto done; 3455 /* The keys should match. */ 3456 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) 3457 goto done; 3458# endif 3459 3460 ret = 1; 3461 3462 done: 3463 EVP_PKEY_CTX_free(ctx); 3464 EVP_PKEY_free(pkey); 3465# ifndef OPENSSL_NO_DEPRECATED_3_0 3466 EVP_PKEY_free(pkey2); 3467 EC_KEY_free(ec); 3468# endif 3469 return ret; 3470} 3471#endif 3472 3473static int test_EVP_rsa_pss_with_keygen_bits(void) 3474{ 3475 int ret = 0; 3476 EVP_PKEY_CTX *ctx = NULL; 3477 EVP_PKEY *pkey = NULL; 3478 EVP_MD *md; 3479 3480 md = EVP_MD_fetch(testctx, "sha256", testpropq); 3481 ret = TEST_ptr(md) 3482 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq))) 3483 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3484 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0) 3485 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0) 3486 && TEST_true(EVP_PKEY_keygen(ctx, &pkey)); 3487 3488 EVP_MD_free(md); 3489 EVP_PKEY_free(pkey); 3490 EVP_PKEY_CTX_free(ctx); 3491 return ret; 3492} 3493 3494static int test_EVP_rsa_pss_set_saltlen(void) 3495{ 3496 int ret = 0; 3497 EVP_PKEY *pkey = NULL; 3498 EVP_PKEY_CTX *pkey_ctx = NULL; 3499 EVP_MD *sha256 = NULL; 3500 EVP_MD_CTX *sha256_ctx = NULL; 3501 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */ 3502 const int test_value = 32; 3503 3504 ret = TEST_ptr(pkey = load_example_rsa_key()) 3505 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL)) 3506 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new()) 3507 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey)) 3508 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)) 3509 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0) 3510 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0) 3511 && TEST_int_eq(saltlen, test_value); 3512 3513 EVP_MD_CTX_free(sha256_ctx); 3514 EVP_PKEY_free(pkey); 3515 EVP_MD_free(sha256); 3516 3517 return ret; 3518} 3519 3520static int success = 1; 3521static void md_names(const char *name, void *vctx) 3522{ 3523 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx; 3524 /* Force a namemap update */ 3525 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL); 3526 3527 if (!TEST_ptr(aes128)) 3528 success = 0; 3529 3530 EVP_CIPHER_free(aes128); 3531} 3532 3533/* 3534 * Test that changing the namemap in a user callback works in a names_do_all 3535 * function. 3536 */ 3537static int test_names_do_all(void) 3538{ 3539 /* We use a custom libctx so that we know the state of the namemap */ 3540 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); 3541 EVP_MD *sha256 = NULL; 3542 int testresult = 0; 3543 3544 if (!TEST_ptr(ctx)) 3545 goto err; 3546 3547 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); 3548 if (!TEST_ptr(sha256)) 3549 goto err; 3550 3551 /* 3552 * We loop through all the names for a given digest. This should still work 3553 * even if the namemap changes part way through. 3554 */ 3555 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx))) 3556 goto err; 3557 3558 if (!TEST_true(success)) 3559 goto err; 3560 3561 testresult = 1; 3562 err: 3563 EVP_MD_free(sha256); 3564 OSSL_LIB_CTX_free(ctx); 3565 return testresult; 3566} 3567 3568typedef struct { 3569 const char *cipher; 3570 const unsigned char *key; 3571 const unsigned char *iv; 3572 const unsigned char *input; 3573 const unsigned char *expected; 3574 const unsigned char *tag; 3575 size_t ivlen; /* 0 if we do not need to set a specific IV len */ 3576 size_t inlen; 3577 size_t expectedlen; 3578 size_t taglen; 3579 int keyfirst; 3580 int initenc; 3581 int finalenc; 3582} EVP_INIT_TEST_st; 3583 3584static const EVP_INIT_TEST_st evp_init_tests[] = { 3585 { 3586 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 3587 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 3588 0, 1, 0, 1 3589 }, 3590 { 3591 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 3592 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3593 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 3594 sizeof(gcmDefaultTag), 1, 0, 1 3595 }, 3596 { 3597 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 3598 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 3599 0, 0, 0, 1 3600 }, 3601 { 3602 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 3603 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3604 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 3605 sizeof(gcmDefaultTag), 0, 0, 1 3606 }, 3607 { 3608 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 3609 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 3610 0, 1, 1, 0 3611 }, 3612 { 3613 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 3614 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3615 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 3616 sizeof(gcmDefaultTag), 1, 1, 0 3617 }, 3618 { 3619 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 3620 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 3621 0, 0, 1, 0 3622 }, 3623 { 3624 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 3625 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3626 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 3627 sizeof(gcmDefaultTag), 0, 1, 0 3628 } 3629}; 3630 3631static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) 3632{ 3633 int res = 0; 3634 3635 if (t->ivlen != 0) { 3636 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) 3637 goto err; 3638 } 3639 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) 3640 goto err; 3641 res = 1; 3642 err: 3643 return res; 3644} 3645 3646/* 3647 * Test step-wise cipher initialization via EVP_CipherInit_ex where the 3648 * arguments are given one at a time and a final adjustment to the enc 3649 * parameter sets the correct operation. 3650 */ 3651static int test_evp_init_seq(int idx) 3652{ 3653 int outlen1, outlen2; 3654 int testresult = 0; 3655 unsigned char outbuf[1024]; 3656 unsigned char tag[16]; 3657 const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; 3658 EVP_CIPHER_CTX *ctx = NULL; 3659 EVP_CIPHER *type = NULL; 3660 size_t taglen = sizeof(tag); 3661 char *errmsg = NULL; 3662 3663 ctx = EVP_CIPHER_CTX_new(); 3664 if (ctx == NULL) { 3665 errmsg = "CTX_ALLOC"; 3666 goto err; 3667 } 3668 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) { 3669 errmsg = "CIPHER_FETCH"; 3670 goto err; 3671 } 3672 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { 3673 errmsg = "EMPTY_ENC_INIT"; 3674 goto err; 3675 } 3676 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 3677 errmsg = "PADDING"; 3678 goto err; 3679 } 3680 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 3681 errmsg = "KEY_INIT (before iv)"; 3682 goto err; 3683 } 3684 if (!evp_init_seq_set_iv(ctx, t)) { 3685 errmsg = "IV_INIT"; 3686 goto err; 3687 } 3688 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 3689 errmsg = "KEY_INIT (after iv)"; 3690 goto err; 3691 } 3692 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { 3693 errmsg = "FINAL_ENC_INIT"; 3694 goto err; 3695 } 3696 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 3697 errmsg = "CIPHER_UPDATE"; 3698 goto err; 3699 } 3700 if (t->finalenc == 0 && t->tag != NULL) { 3701 /* Set expected tag */ 3702 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 3703 t->taglen, (void *)t->tag), 0)) { 3704 errmsg = "SET_TAG"; 3705 goto err; 3706 } 3707 } 3708 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3709 errmsg = "CIPHER_FINAL"; 3710 goto err; 3711 } 3712 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 3713 errmsg = "WRONG_RESULT"; 3714 goto err; 3715 } 3716 if (t->finalenc != 0 && t->tag != NULL) { 3717 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 3718 errmsg = "GET_TAG"; 3719 goto err; 3720 } 3721 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { 3722 errmsg = "TAG_ERROR"; 3723 goto err; 3724 } 3725 } 3726 testresult = 1; 3727 err: 3728 if (errmsg != NULL) 3729 TEST_info("evp_init_test %d: %s", idx, errmsg); 3730 EVP_CIPHER_CTX_free(ctx); 3731 EVP_CIPHER_free(type); 3732 return testresult; 3733} 3734 3735typedef struct { 3736 const unsigned char *input; 3737 const unsigned char *expected; 3738 size_t inlen; 3739 size_t expectedlen; 3740 int enc; 3741} EVP_RESET_TEST_st; 3742 3743static const EVP_RESET_TEST_st evp_reset_tests[] = { 3744 { 3745 cfbPlaintext, cfbCiphertext, 3746 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 3747 }, 3748 { 3749 cfbCiphertext, cfbPlaintext, 3750 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 3751 } 3752}; 3753 3754/* 3755 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already 3756 * been used. 3757 */ 3758static int test_evp_reset(int idx) 3759{ 3760 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; 3761 int outlen1, outlen2; 3762 int testresult = 0; 3763 unsigned char outbuf[1024]; 3764 EVP_CIPHER_CTX *ctx = NULL; 3765 EVP_CIPHER *type = NULL; 3766 char *errmsg = NULL; 3767 3768 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 3769 errmsg = "CTX_ALLOC"; 3770 goto err; 3771 } 3772 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) { 3773 errmsg = "CIPHER_FETCH"; 3774 goto err; 3775 } 3776 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 3777 errmsg = "CIPHER_INIT"; 3778 goto err; 3779 } 3780 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 3781 errmsg = "PADDING"; 3782 goto err; 3783 } 3784 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 3785 errmsg = "CIPHER_UPDATE"; 3786 goto err; 3787 } 3788 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3789 errmsg = "CIPHER_FINAL"; 3790 goto err; 3791 } 3792 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 3793 errmsg = "WRONG_RESULT"; 3794 goto err; 3795 } 3796 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { 3797 errmsg = "CIPHER_REINIT"; 3798 goto err; 3799 } 3800 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 3801 errmsg = "CIPHER_UPDATE (reinit)"; 3802 goto err; 3803 } 3804 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3805 errmsg = "CIPHER_FINAL (reinit)"; 3806 goto err; 3807 } 3808 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 3809 errmsg = "WRONG_RESULT (reinit)"; 3810 goto err; 3811 } 3812 testresult = 1; 3813 err: 3814 if (errmsg != NULL) 3815 TEST_info("test_evp_reset %d: %s", idx, errmsg); 3816 EVP_CIPHER_CTX_free(ctx); 3817 EVP_CIPHER_free(type); 3818 return testresult; 3819} 3820 3821typedef struct { 3822 const char *cipher; 3823 int enc; 3824} EVP_UPDATED_IV_TEST_st; 3825 3826static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 3827 { 3828 "aes-128-cfb", 1 3829 }, 3830 { 3831 "aes-128-cfb", 0 3832 }, 3833 { 3834 "aes-128-cfb1", 1 3835 }, 3836 { 3837 "aes-128-cfb1", 0 3838 }, 3839 { 3840 "aes-128-cfb8", 1 3841 }, 3842 { 3843 "aes-128-cfb8", 0 3844 }, 3845 { 3846 "aes-128-ofb", 1 3847 }, 3848 { 3849 "aes-128-ofb", 0 3850 }, 3851 { 3852 "aes-128-ctr", 1 3853 }, 3854 { 3855 "aes-128-ctr", 0 3856 }, 3857 { 3858 "aes-128-cbc", 1 3859 }, 3860 { 3861 "aes-128-cbc", 0 3862 } 3863}; 3864 3865/* 3866 * Test that the IV in the context is updated during a crypto operation for CFB 3867 * and OFB. 3868 */ 3869static int test_evp_updated_iv(int idx) 3870{ 3871 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; 3872 int outlen1, outlen2; 3873 int testresult = 0; 3874 unsigned char outbuf[1024]; 3875 EVP_CIPHER_CTX *ctx = NULL; 3876 EVP_CIPHER *type = NULL; 3877 unsigned char updated_iv[EVP_MAX_IV_LENGTH]; 3878 int iv_len; 3879 char *errmsg = NULL; 3880 3881 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 3882 errmsg = "CTX_ALLOC"; 3883 goto err; 3884 } 3885 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { 3886 TEST_info("cipher %s not supported, skipping", t->cipher); 3887 goto ok; 3888 } 3889 3890 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 3891 errmsg = "CIPHER_INIT"; 3892 goto err; 3893 } 3894 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 3895 errmsg = "PADDING"; 3896 goto err; 3897 } 3898 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { 3899 errmsg = "CIPHER_UPDATE"; 3900 goto err; 3901 } 3902 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { 3903 errmsg = "CIPHER_CTX_GET_UPDATED_IV"; 3904 goto err; 3905 } 3906 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) { 3907 errmsg = "CIPHER_CTX_GET_IV_LEN"; 3908 goto err; 3909 } 3910 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { 3911 errmsg = "IV_NOT_UPDATED"; 3912 goto err; 3913 } 3914 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3915 errmsg = "CIPHER_FINAL"; 3916 goto err; 3917 } 3918 ok: 3919 testresult = 1; 3920 err: 3921 if (errmsg != NULL) 3922 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); 3923 EVP_CIPHER_CTX_free(ctx); 3924 EVP_CIPHER_free(type); 3925 return testresult; 3926} 3927 3928typedef struct { 3929 const unsigned char *iv1; 3930 const unsigned char *iv2; 3931 const unsigned char *expected1; 3932 const unsigned char *expected2; 3933 const unsigned char *tag1; 3934 const unsigned char *tag2; 3935 size_t ivlen1; 3936 size_t ivlen2; 3937 size_t expectedlen1; 3938 size_t expectedlen2; 3939} TEST_GCM_IV_REINIT_st; 3940 3941static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { 3942 { 3943 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, 3944 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), 3945 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) 3946 }, 3947 { 3948 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, 3949 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), 3950 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) 3951 } 3952}; 3953 3954static int test_gcm_reinit(int idx) 3955{ 3956 int outlen1, outlen2, outlen3; 3957 int testresult = 0; 3958 unsigned char outbuf[1024]; 3959 unsigned char tag[16]; 3960 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; 3961 EVP_CIPHER_CTX *ctx = NULL; 3962 EVP_CIPHER *type = NULL; 3963 size_t taglen = sizeof(tag); 3964 char *errmsg = NULL; 3965 3966 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 3967 errmsg = "CTX_ALLOC"; 3968 goto err; 3969 } 3970 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) { 3971 errmsg = "CIPHER_FETCH"; 3972 goto err; 3973 } 3974 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { 3975 errmsg = "ENC_INIT"; 3976 goto err; 3977 } 3978 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { 3979 errmsg = "SET_IVLEN1"; 3980 goto err; 3981 } 3982 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { 3983 errmsg = "SET_IV1"; 3984 goto err; 3985 } 3986 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 3987 errmsg = "AAD1"; 3988 goto err; 3989 } 3990 EVP_CIPHER_CTX_set_padding(ctx, 0); 3991 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 3992 sizeof(gcmResetPlaintext)))) { 3993 errmsg = "CIPHER_UPDATE1"; 3994 goto err; 3995 } 3996 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3997 errmsg = "CIPHER_FINAL1"; 3998 goto err; 3999 } 4000 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { 4001 errmsg = "WRONG_RESULT1"; 4002 goto err; 4003 } 4004 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4005 errmsg = "GET_TAG1"; 4006 goto err; 4007 } 4008 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { 4009 errmsg = "TAG_ERROR1"; 4010 goto err; 4011 } 4012 /* Now reinit */ 4013 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { 4014 errmsg = "SET_IVLEN2"; 4015 goto err; 4016 } 4017 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { 4018 errmsg = "SET_IV2"; 4019 goto err; 4020 } 4021 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 4022 errmsg = "AAD2"; 4023 goto err; 4024 } 4025 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 4026 sizeof(gcmResetPlaintext)))) { 4027 errmsg = "CIPHER_UPDATE2"; 4028 goto err; 4029 } 4030 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4031 errmsg = "CIPHER_FINAL2"; 4032 goto err; 4033 } 4034 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { 4035 errmsg = "WRONG_RESULT2"; 4036 goto err; 4037 } 4038 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4039 errmsg = "GET_TAG2"; 4040 goto err; 4041 } 4042 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { 4043 errmsg = "TAG_ERROR2"; 4044 goto err; 4045 } 4046 testresult = 1; 4047 err: 4048 if (errmsg != NULL) 4049 TEST_info("evp_init_test %d: %s", idx, errmsg); 4050 EVP_CIPHER_CTX_free(ctx); 4051 EVP_CIPHER_free(type); 4052 return testresult; 4053} 4054 4055#ifndef OPENSSL_NO_DEPRECATED_3_0 4056static EVP_PKEY_METHOD *custom_pmeth = NULL; 4057static const EVP_PKEY_METHOD *orig_pmeth = NULL; 4058 4059# define EVP_PKEY_CTRL_MY_COMMAND 9999 4060 4061static int custom_pmeth_init(EVP_PKEY_CTX *ctx) 4062{ 4063 int (*pinit)(EVP_PKEY_CTX *ctx); 4064 4065 EVP_PKEY_meth_get_init(orig_pmeth, &pinit); 4066 return pinit(ctx); 4067} 4068 4069static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx) 4070{ 4071 void (*pcleanup)(EVP_PKEY_CTX *ctx); 4072 4073 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup); 4074 pcleanup(ctx); 4075} 4076 4077static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, 4078 size_t *outlen, const unsigned char *in, 4079 size_t inlen) 4080{ 4081 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 4082 const unsigned char *tbs, size_t tbslen); 4083 4084 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); 4085 return psign(ctx, out, outlen, in, inlen); 4086} 4087 4088static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, 4089 size_t *siglen, const unsigned char *tbs, 4090 size_t tbslen) 4091{ 4092 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 4093 const unsigned char *tbs, size_t tbslen); 4094 4095 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); 4096 return pdigestsign(ctx, sig, siglen, tbs, tbslen); 4097} 4098 4099static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 4100 size_t *keylen) 4101{ 4102 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 4103 4104 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive); 4105 return pderive(ctx, key, keylen); 4106} 4107 4108static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 4109{ 4110 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 4111 4112 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy); 4113 return pcopy(dst, src); 4114} 4115 4116static int ctrl_called; 4117 4118static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 4119{ 4120 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 4121 4122 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL); 4123 4124 if (type == EVP_PKEY_CTRL_MY_COMMAND) { 4125 ctrl_called = 1; 4126 return 1; 4127 } 4128 4129 return pctrl(ctx, type, p1, p2); 4130} 4131 4132static int test_custom_pmeth(int idx) 4133{ 4134 EVP_PKEY_CTX *pctx = NULL; 4135 EVP_MD_CTX *ctx = NULL; 4136 EVP_PKEY *pkey = NULL; 4137 int id, orig_id, orig_flags; 4138 int testresult = 0; 4139 size_t reslen; 4140 unsigned char *res = NULL; 4141 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' }; 4142 const EVP_MD *md = EVP_sha256(); 4143 int doderive = 0; 4144 4145 ctrl_called = 0; 4146 4147 /* We call deprecated APIs so this test doesn't support a custom libctx */ 4148 if (testctx != NULL) 4149 return 1; 4150 4151 switch(idx) { 4152 case 0: 4153 case 6: 4154 id = EVP_PKEY_RSA; 4155 pkey = load_example_rsa_key(); 4156 break; 4157 case 1: 4158 case 7: 4159# ifndef OPENSSL_NO_DSA 4160 id = EVP_PKEY_DSA; 4161 pkey = load_example_dsa_key(); 4162 break; 4163# else 4164 return 1; 4165# endif 4166 case 2: 4167 case 8: 4168# ifndef OPENSSL_NO_EC 4169 id = EVP_PKEY_EC; 4170 pkey = load_example_ec_key(); 4171 break; 4172# else 4173 return 1; 4174# endif 4175 case 3: 4176 case 9: 4177# ifndef OPENSSL_NO_EC 4178 id = EVP_PKEY_ED25519; 4179 md = NULL; 4180 pkey = load_example_ed25519_key(); 4181 break; 4182# else 4183 return 1; 4184# endif 4185 case 4: 4186 case 10: 4187# ifndef OPENSSL_NO_DH 4188 id = EVP_PKEY_DH; 4189 doderive = 1; 4190 pkey = load_example_dh_key(); 4191 break; 4192# else 4193 return 1; 4194# endif 4195 case 5: 4196 case 11: 4197# ifndef OPENSSL_NO_EC 4198 id = EVP_PKEY_X25519; 4199 doderive = 1; 4200 pkey = load_example_x25519_key(); 4201 break; 4202# else 4203 return 1; 4204# endif 4205 default: 4206 TEST_error("Should not happen"); 4207 goto err; 4208 } 4209 4210 if (!TEST_ptr(pkey)) 4211 goto err; 4212 4213 if (idx < 6) { 4214 if (!TEST_true(evp_pkey_is_provided(pkey))) 4215 goto err; 4216 } else { 4217 EVP_PKEY *tmp = pkey; 4218 4219 /* Convert to a legacy key */ 4220 pkey = EVP_PKEY_new(); 4221 if (!TEST_ptr(pkey)) { 4222 pkey = tmp; 4223 goto err; 4224 } 4225 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) { 4226 EVP_PKEY_free(tmp); 4227 goto err; 4228 } 4229 EVP_PKEY_free(tmp); 4230 if (!TEST_true(evp_pkey_is_legacy(pkey))) 4231 goto err; 4232 } 4233 4234 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) 4235 || !TEST_ptr(pkey)) 4236 goto err; 4237 4238 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); 4239 if (!TEST_int_eq(orig_id, id) 4240 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) 4241 goto err; 4242 4243 if (id == EVP_PKEY_ED25519) { 4244 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); 4245 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { 4246 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); 4247 } else { 4248 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 4249 } 4250 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) { 4251 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init); 4252 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup); 4253 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy); 4254 } 4255 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL); 4256 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth))) 4257 goto err; 4258 4259 if (doderive) { 4260 pctx = EVP_PKEY_CTX_new(pkey, NULL); 4261 if (!TEST_ptr(pctx) 4262 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) 4263 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 4264 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 4265 1) 4266 || !TEST_int_eq(ctrl_called, 1) 4267 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) 4268 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) 4269 || !TEST_ptr(res = OPENSSL_malloc(reslen)) 4270 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) 4271 goto err; 4272 } else { 4273 ctx = EVP_MD_CTX_new(); 4274 reslen = EVP_PKEY_size(pkey); 4275 res = OPENSSL_malloc(reslen); 4276 if (!TEST_ptr(ctx) 4277 || !TEST_ptr(res) 4278 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) 4279 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 4280 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 4281 1) 4282 || !TEST_int_eq(ctrl_called, 1)) 4283 goto err; 4284 4285 if (id == EVP_PKEY_ED25519) { 4286 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg)))) 4287 goto err; 4288 } else { 4289 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) 4290 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) 4291 goto err; 4292 } 4293 } 4294 4295 testresult = 1; 4296 err: 4297 OPENSSL_free(res); 4298 EVP_MD_CTX_free(ctx); 4299 if (doderive) 4300 EVP_PKEY_CTX_free(pctx); 4301 EVP_PKEY_free(pkey); 4302 EVP_PKEY_meth_remove(custom_pmeth); 4303 EVP_PKEY_meth_free(custom_pmeth); 4304 custom_pmeth = NULL; 4305 return testresult; 4306} 4307 4308static int test_evp_md_cipher_meth(void) 4309{ 4310 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); 4311 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); 4312 int testresult = 0; 4313 4314 if (!TEST_ptr(md) || !TEST_ptr(ciph)) 4315 goto err; 4316 4317 testresult = 1; 4318 4319 err: 4320 EVP_MD_meth_free(md); 4321 EVP_CIPHER_meth_free(ciph); 4322 4323 return testresult; 4324} 4325 4326typedef struct { 4327 int data; 4328} custom_dgst_ctx; 4329 4330static int custom_md_init_called = 0; 4331static int custom_md_cleanup_called = 0; 4332 4333static int custom_md_init(EVP_MD_CTX *ctx) 4334{ 4335 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 4336 4337 if (p == NULL) 4338 return 0; 4339 4340 custom_md_init_called++; 4341 return 1; 4342} 4343 4344static int custom_md_cleanup(EVP_MD_CTX *ctx) 4345{ 4346 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 4347 4348 if (p == NULL) 4349 /* Nothing to do */ 4350 return 1; 4351 4352 custom_md_cleanup_called++; 4353 return 1; 4354} 4355 4356static int test_custom_md_meth(void) 4357{ 4358 EVP_MD_CTX *mdctx = NULL; 4359 EVP_MD *tmp = NULL; 4360 char mess[] = "Test Message\n"; 4361 unsigned char md_value[EVP_MAX_MD_SIZE]; 4362 unsigned int md_len; 4363 int testresult = 0; 4364 int nid; 4365 4366 /* 4367 * We are testing deprecated functions. We don't support a non-default 4368 * library context in this test. 4369 */ 4370 if (testctx != NULL) 4371 return TEST_skip("Non-default libctx"); 4372 4373 custom_md_init_called = custom_md_cleanup_called = 0; 4374 4375 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); 4376 if (!TEST_int_ne(nid, NID_undef)) 4377 goto err; 4378 tmp = EVP_MD_meth_new(nid, NID_undef); 4379 if (!TEST_ptr(tmp)) 4380 goto err; 4381 4382 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) 4383 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) 4384 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, 4385 sizeof(custom_dgst_ctx)))) 4386 goto err; 4387 4388 mdctx = EVP_MD_CTX_new(); 4389 if (!TEST_ptr(mdctx) 4390 /* 4391 * Initing our custom md and then initing another md should 4392 * result in the init and cleanup functions of the custom md 4393 * being called. 4394 */ 4395 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) 4396 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) 4397 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) 4398 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) 4399 || !TEST_int_eq(custom_md_init_called, 1) 4400 || !TEST_int_eq(custom_md_cleanup_called, 1)) 4401 goto err; 4402 4403 testresult = 1; 4404 err: 4405 EVP_MD_CTX_free(mdctx); 4406 EVP_MD_meth_free(tmp); 4407 return testresult; 4408} 4409 4410typedef struct { 4411 int data; 4412} custom_ciph_ctx; 4413 4414static int custom_ciph_init_called = 0; 4415static int custom_ciph_cleanup_called = 0; 4416 4417static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 4418 const unsigned char *iv, int enc) 4419{ 4420 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 4421 4422 if (p == NULL) 4423 return 0; 4424 4425 custom_ciph_init_called++; 4426 return 1; 4427} 4428 4429static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) 4430{ 4431 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 4432 4433 if (p == NULL) 4434 /* Nothing to do */ 4435 return 1; 4436 4437 custom_ciph_cleanup_called++; 4438 return 1; 4439} 4440 4441static int test_custom_ciph_meth(void) 4442{ 4443 EVP_CIPHER_CTX *ciphctx = NULL; 4444 EVP_CIPHER *tmp = NULL; 4445 int testresult = 0; 4446 int nid; 4447 4448 /* 4449 * We are testing deprecated functions. We don't support a non-default 4450 * library context in this test. 4451 */ 4452 if (testctx != NULL) 4453 return TEST_skip("Non-default libctx"); 4454 4455 custom_ciph_init_called = custom_ciph_cleanup_called = 0; 4456 4457 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); 4458 if (!TEST_int_ne(nid, NID_undef)) 4459 goto err; 4460 tmp = EVP_CIPHER_meth_new(nid, 16, 16); 4461 if (!TEST_ptr(tmp)) 4462 goto err; 4463 4464 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) 4465 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) 4466 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) 4467 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, 4468 sizeof(custom_ciph_ctx)))) 4469 goto err; 4470 4471 ciphctx = EVP_CIPHER_CTX_new(); 4472 if (!TEST_ptr(ciphctx) 4473 /* 4474 * Initing our custom cipher and then initing another cipher 4475 * should result in the init and cleanup functions of the custom 4476 * cipher being called. 4477 */ 4478 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) 4479 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, 4480 NULL, NULL, 1)) 4481 || !TEST_int_eq(custom_ciph_init_called, 1) 4482 || !TEST_int_eq(custom_ciph_cleanup_called, 1)) 4483 goto err; 4484 4485 testresult = 1; 4486 err: 4487 EVP_CIPHER_CTX_free(ciphctx); 4488 EVP_CIPHER_meth_free(tmp); 4489 return testresult; 4490} 4491 4492# ifndef OPENSSL_NO_DYNAMIC_ENGINE 4493/* Test we can create a signature keys with an associated ENGINE */ 4494static int test_signatures_with_engine(int tst) 4495{ 4496 ENGINE *e; 4497 const char *engine_id = "dasync"; 4498 EVP_PKEY *pkey = NULL; 4499 const unsigned char badcmackey[] = { 0x00, 0x01 }; 4500 const unsigned char cmackey[] = { 4501 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4502 0x0c, 0x0d, 0x0e, 0x0f 4503 }; 4504 const unsigned char ed25519key[] = { 4505 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4506 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 4507 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 4508 }; 4509 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 4510 int testresult = 0; 4511 EVP_MD_CTX *ctx = NULL; 4512 unsigned char *mac = NULL; 4513 size_t maclen = 0; 4514 int ret; 4515 4516# ifdef OPENSSL_NO_CMAC 4517 /* Skip CMAC tests in a no-cmac build */ 4518 if (tst <= 1) 4519 return 1; 4520# endif 4521 4522 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 4523 return 0; 4524 4525 if (!TEST_true(ENGINE_init(e))) { 4526 ENGINE_free(e); 4527 return 0; 4528 } 4529 4530 switch (tst) { 4531 case 0: 4532 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 4533 EVP_aes_128_cbc()); 4534 break; 4535 case 1: 4536 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 4537 EVP_aes_128_cbc()); 4538 break; 4539 case 2: 4540 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 4541 sizeof(ed25519key)); 4542 break; 4543 default: 4544 TEST_error("Invalid test case"); 4545 goto err; 4546 } 4547 if (!TEST_ptr(pkey)) 4548 goto err; 4549 4550 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 4551 goto err; 4552 4553 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 4554 pkey); 4555 if (tst == 0) { 4556 if (!TEST_true(ret)) 4557 goto err; 4558 4559 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 4560 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 4561 goto err; 4562 4563 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 4564 goto err; 4565 4566 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 4567 goto err; 4568 } else { 4569 /* We used a bad key. We expect a failure here */ 4570 if (!TEST_false(ret)) 4571 goto err; 4572 } 4573 4574 testresult = 1; 4575 err: 4576 EVP_MD_CTX_free(ctx); 4577 OPENSSL_free(mac); 4578 EVP_PKEY_free(pkey); 4579 ENGINE_finish(e); 4580 ENGINE_free(e); 4581 4582 return testresult; 4583} 4584 4585static int test_cipher_with_engine(void) 4586{ 4587 ENGINE *e; 4588 const char *engine_id = "dasync"; 4589 const unsigned char keyiv[] = { 4590 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4591 0x0c, 0x0d, 0x0e, 0x0f 4592 }; 4593 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 4594 int testresult = 0; 4595 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; 4596 unsigned char buf[AES_BLOCK_SIZE]; 4597 int len = 0; 4598 4599 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 4600 return 0; 4601 4602 if (!TEST_true(ENGINE_init(e))) { 4603 ENGINE_free(e); 4604 return 0; 4605 } 4606 4607 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4608 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) 4609 goto err; 4610 4611 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) 4612 goto err; 4613 4614 /* Copy the ctx, and complete the operation with the new ctx */ 4615 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) 4616 goto err; 4617 4618 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) 4619 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) 4620 goto err; 4621 4622 testresult = 1; 4623 err: 4624 EVP_CIPHER_CTX_free(ctx); 4625 EVP_CIPHER_CTX_free(ctx2); 4626 ENGINE_finish(e); 4627 ENGINE_free(e); 4628 4629 return testresult; 4630} 4631# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ 4632#endif /* OPENSSL_NO_DEPRECATED_3_0 */ 4633 4634static int ecxnids[] = { 4635 NID_X25519, 4636 NID_X448, 4637 NID_ED25519, 4638 NID_ED448 4639}; 4640 4641/* Test that creating ECX keys with a short private key fails as expected */ 4642static int test_ecx_short_keys(int tst) 4643{ 4644 unsigned char ecxkeydata = 1; 4645 EVP_PKEY *pkey; 4646 4647 4648 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]), 4649 NULL, &ecxkeydata, 1); 4650 if (!TEST_ptr_null(pkey)) { 4651 EVP_PKEY_free(pkey); 4652 return 0; 4653 } 4654 4655 return 1; 4656} 4657 4658typedef enum OPTION_choice { 4659 OPT_ERR = -1, 4660 OPT_EOF = 0, 4661 OPT_CONTEXT, 4662 OPT_TEST_ENUM 4663} OPTION_CHOICE; 4664 4665const OPTIONS *test_get_options(void) 4666{ 4667 static const OPTIONS options[] = { 4668 OPT_TEST_OPTIONS_DEFAULT_USAGE, 4669 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, 4670 { NULL } 4671 }; 4672 return options; 4673} 4674 4675#ifndef OPENSSL_NO_EC 4676/* Test that trying to sign with a public key errors out gracefully */ 4677static int test_ecx_not_private_key(int tst) 4678{ 4679 EVP_PKEY *pkey = NULL; 4680 4681 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 4682 int testresult = 0; 4683 EVP_MD_CTX *ctx = NULL; 4684 unsigned char *mac = NULL; 4685 size_t maclen = 0; 4686 unsigned char *pubkey; 4687 size_t pubkeylen; 4688 4689 switch (keys[tst].type) { 4690 case NID_X25519: 4691 case NID_X448: 4692 return TEST_skip("signing not supported for X25519/X448"); 4693 } 4694 4695 /* Check if this algorithm supports public keys */ 4696 if (keys[tst].pub == NULL) 4697 return TEST_skip("no public key present"); 4698 4699 pubkey = (unsigned char *)keys[tst].pub; 4700 pubkeylen = strlen(keys[tst].pub); 4701 4702 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type), 4703 NULL, pubkey, pubkeylen); 4704 if (!TEST_ptr(pkey)) 4705 goto err; 4706 4707 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 4708 goto err; 4709 4710 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) 4711 goto check_err; 4712 4713 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1) 4714 goto check_err; 4715 4716 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 4717 goto err; 4718 4719 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0)) 4720 goto err; 4721 4722 check_err: 4723 /* 4724 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY, 4725 * but we relax the check to allow error also thrown by 4726 * EVP_DigestSignInit and EVP_DigestSign. 4727 */ 4728 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) { 4729 testresult = 1; 4730 ERR_clear_error(); 4731 } 4732 4733 err: 4734 EVP_MD_CTX_free(ctx); 4735 OPENSSL_free(mac); 4736 EVP_PKEY_free(pkey); 4737 4738 return testresult; 4739} 4740#endif /* OPENSSL_NO_EC */ 4741 4742int setup_tests(void) 4743{ 4744 OPTION_CHOICE o; 4745 4746 while ((o = opt_next()) != OPT_EOF) { 4747 switch (o) { 4748 case OPT_CONTEXT: 4749 /* Set up an alternate library context */ 4750 testctx = OSSL_LIB_CTX_new(); 4751 if (!TEST_ptr(testctx)) 4752 return 0; 4753 /* Swap the libctx to test non-default context only */ 4754 nullprov = OSSL_PROVIDER_load(NULL, "null"); 4755 deflprov = OSSL_PROVIDER_load(testctx, "default"); 4756 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 4757 break; 4758 case OPT_TEST_CASES: 4759 break; 4760 default: 4761 return 0; 4762 } 4763 } 4764 4765 ADD_TEST(test_EVP_set_default_properties); 4766 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); 4767 ADD_TEST(test_EVP_DigestVerifyInit); 4768#ifndef OPENSSL_NO_SIPHASH 4769 ADD_TEST(test_siphash_digestsign); 4770#endif 4771 ADD_TEST(test_EVP_Digest); 4772 ADD_TEST(test_EVP_md_null); 4773 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); 4774 ADD_ALL_TESTS(test_EVP_Enveloped, 2); 4775 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 4776 ADD_TEST(test_privatekey_to_pkcs8); 4777 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); 4778#ifndef OPENSSL_NO_EC 4779 ADD_TEST(test_EVP_PKCS82PKEY); 4780#endif 4781#ifndef OPENSSL_NO_EC 4782 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); 4783#endif 4784#if !defined(OPENSSL_NO_SM2) 4785 ADD_TEST(test_EVP_SM2); 4786 ADD_TEST(test_EVP_SM2_verify); 4787#endif 4788 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 4789#ifndef OPENSSL_NO_DEPRECATED_3_0 4790 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 4791 if (!TEST_ptr(custom_pmeth)) 4792 return 0; 4793 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 4794 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 4795 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 4796 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 4797 return 0; 4798#endif 4799 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 4800#ifndef OPENSSL_NO_CMAC 4801 ADD_TEST(test_CMAC_keygen); 4802#endif 4803 ADD_TEST(test_HKDF); 4804 ADD_TEST(test_emptyikm_HKDF); 4805#ifndef OPENSSL_NO_EC 4806 ADD_TEST(test_X509_PUBKEY_inplace); 4807 ADD_TEST(test_X509_PUBKEY_dup); 4808 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 4809 OSSL_NELEM(ec_der_pub_keys)); 4810#endif 4811#ifndef OPENSSL_NO_DSA 4812 ADD_TEST(test_DSA_get_set_params); 4813 ADD_TEST(test_DSA_priv_pub); 4814#endif 4815 ADD_TEST(test_RSA_get_set_params); 4816 ADD_TEST(test_RSA_OAEP_set_get_params); 4817#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 4818 ADD_TEST(test_decrypt_null_chunks); 4819#endif 4820#ifndef OPENSSL_NO_DH 4821 ADD_TEST(test_DH_priv_pub); 4822# ifndef OPENSSL_NO_DEPRECATED_3_0 4823 ADD_TEST(test_EVP_PKEY_set1_DH); 4824# endif 4825#endif 4826#ifndef OPENSSL_NO_EC 4827 ADD_TEST(test_EC_priv_pub); 4828# ifndef OPENSSL_NO_DEPRECATED_3_0 4829 ADD_TEST(test_EC_priv_only_legacy); 4830# endif 4831#endif 4832 ADD_ALL_TESTS(test_keygen_with_empty_template, 2); 4833 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); 4834 4835 ADD_TEST(test_rand_agglomeration); 4836 ADD_ALL_TESTS(test_evp_iv_aes, 12); 4837#ifndef OPENSSL_NO_DES 4838 ADD_ALL_TESTS(test_evp_iv_des, 6); 4839#endif 4840#ifndef OPENSSL_NO_BF 4841 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4); 4842#endif 4843 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); 4844 ADD_TEST(test_EVP_rsa_pss_set_saltlen); 4845#ifndef OPENSSL_NO_EC 4846 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); 4847#endif 4848 4849 ADD_TEST(test_names_do_all); 4850 4851 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 4852 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 4853 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 4854 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 4855 4856#ifndef OPENSSL_NO_DEPRECATED_3_0 4857 ADD_ALL_TESTS(test_custom_pmeth, 12); 4858 ADD_TEST(test_evp_md_cipher_meth); 4859 ADD_TEST(test_custom_md_meth); 4860 ADD_TEST(test_custom_ciph_meth); 4861 4862# ifndef OPENSSL_NO_DYNAMIC_ENGINE 4863 /* Tests only support the default libctx */ 4864 if (testctx == NULL) { 4865# ifndef OPENSSL_NO_EC 4866 ADD_ALL_TESTS(test_signatures_with_engine, 3); 4867# else 4868 ADD_ALL_TESTS(test_signatures_with_engine, 2); 4869# endif 4870 ADD_TEST(test_cipher_with_engine); 4871 } 4872# endif 4873#endif 4874 4875 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); 4876 4877#ifndef OPENSSL_NO_EC 4878 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); 4879#endif 4880 4881 return 1; 4882} 4883 4884void cleanup_tests(void) 4885{ 4886 OSSL_PROVIDER_unload(nullprov); 4887 OSSL_PROVIDER_unload(deflprov); 4888 OSSL_PROVIDER_unload(lgcyprov); 4889 OSSL_LIB_CTX_free(testctx); 4890} 4891