2
0

evp_extra_test.c 161 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868
  1. /*
  2. * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include <stdio.h>
  12. #include <stdlib.h>
  13. #include <string.h>
  14. #include <openssl/bio.h>
  15. #include <openssl/conf.h>
  16. #include <openssl/crypto.h>
  17. #include <openssl/err.h>
  18. #include <openssl/evp.h>
  19. #include <openssl/x509.h>
  20. #include <openssl/pem.h>
  21. #include <openssl/kdf.h>
  22. #include <openssl/provider.h>
  23. #include <openssl/core_names.h>
  24. #include <openssl/params.h>
  25. #include <openssl/param_build.h>
  26. #include <openssl/dsa.h>
  27. #include <openssl/dh.h>
  28. #include <openssl/aes.h>
  29. #include <openssl/decoder.h>
  30. #include <openssl/rsa.h>
  31. #include <openssl/engine.h>
  32. #include <openssl/proverr.h>
  33. #include "testutil.h"
  34. #include "internal/nelem.h"
  35. #include "internal/sizes.h"
  36. #include "crypto/evp.h"
  37. static OSSL_LIB_CTX *testctx = NULL;
  38. static char *testpropq = NULL;
  39. static OSSL_PROVIDER *nullprov = NULL;
  40. static OSSL_PROVIDER *deflprov = NULL;
  41. static OSSL_PROVIDER *lgcyprov = NULL;
  42. /*
  43. * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
  44. * should never use this key anywhere but in an example.
  45. */
  46. static const unsigned char kExampleRSAKeyDER[] = {
  47. 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
  48. 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
  49. 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
  50. 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
  51. 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
  52. 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
  53. 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
  54. 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
  55. 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
  56. 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
  57. 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
  58. 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
  59. 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
  60. 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
  61. 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
  62. 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
  63. 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
  64. 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
  65. 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
  66. 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
  67. 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
  68. 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
  69. 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
  70. 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
  71. 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
  72. 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
  73. 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
  74. 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
  75. 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
  76. 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
  77. 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
  78. 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
  79. 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
  80. 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
  81. 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
  82. 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
  83. 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
  84. 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
  85. 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
  86. 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
  87. 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
  88. 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
  89. 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
  90. 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
  91. 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
  92. 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
  93. 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
  94. 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
  95. 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
  96. 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
  97. 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
  98. };
  99. /*
  100. * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
  101. * should never use this key anywhere but in an example.
  102. */
  103. #ifndef OPENSSL_NO_DSA
  104. static const unsigned char kExampleDSAKeyDER[] = {
  105. 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
  106. 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
  107. 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
  108. 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
  109. 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
  110. 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
  111. 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
  112. 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
  113. 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
  114. 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
  115. 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
  116. 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
  117. 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
  118. 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
  119. 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
  120. 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
  121. 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
  122. 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
  123. 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
  124. 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
  125. 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
  126. 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
  127. 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
  128. 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
  129. 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
  130. 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
  131. 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
  132. 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
  133. 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
  134. 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
  135. 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
  136. 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
  137. 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
  138. 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
  139. 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
  140. 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
  141. 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
  142. 0x40, 0x48
  143. };
  144. #endif
  145. /*
  146. * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
  147. * components are not correct.
  148. */
  149. static const unsigned char kExampleBadRSAKeyDER[] = {
  150. 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
  151. 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
  152. 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
  153. 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
  154. 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
  155. 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
  156. 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
  157. 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
  158. 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
  159. 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
  160. 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
  161. 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
  162. 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
  163. 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
  164. 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
  165. 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
  166. 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
  167. 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
  168. 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
  169. 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
  170. 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
  171. 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
  172. 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
  173. 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
  174. 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
  175. 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
  176. 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
  177. 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
  178. 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
  179. 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
  180. 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
  181. 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
  182. 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
  183. 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
  184. 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
  185. 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
  186. 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
  187. 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
  188. 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
  189. 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
  190. 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
  191. 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
  192. 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
  193. 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
  194. 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
  195. 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
  196. 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
  197. 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
  198. 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
  199. 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
  200. 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
  201. 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
  202. 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
  203. 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
  204. 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
  205. 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
  206. 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
  207. 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
  208. 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
  209. 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
  210. 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
  211. 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
  212. 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
  213. 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
  214. 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
  215. 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
  216. 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
  217. 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
  218. 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
  219. 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
  220. 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
  221. 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
  222. 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
  223. 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
  224. 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
  225. 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
  226. 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
  227. 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
  228. 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
  229. 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
  230. 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
  231. 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
  232. 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
  233. 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
  234. 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
  235. 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
  236. 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
  237. 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
  238. 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
  239. };
  240. /*
  241. * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
  242. * values are 0.
  243. */
  244. static const unsigned char kExampleBad2RSAKeyDER[] = {
  245. 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
  246. 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
  247. 0x01, 0x00, 0x02, 0x01, 0x00
  248. };
  249. static const unsigned char kMsg[] = { 1, 2, 3, 4 };
  250. static const unsigned char kSignature[] = {
  251. 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
  252. 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
  253. 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
  254. 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
  255. 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
  256. 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
  257. 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
  258. 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
  259. 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
  260. 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
  261. 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
  262. };
  263. /*
  264. * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
  265. * PrivateKeyInfo.
  266. */
  267. static const unsigned char kExampleRSAKeyPKCS8[] = {
  268. 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
  269. 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
  270. 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
  271. 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
  272. 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
  273. 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
  274. 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
  275. 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
  276. 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
  277. 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
  278. 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
  279. 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
  280. 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
  281. 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
  282. 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
  283. 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
  284. 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
  285. 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
  286. 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
  287. 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
  288. 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
  289. 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
  290. 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
  291. 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
  292. 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
  293. 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
  294. 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
  295. 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
  296. 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
  297. 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
  298. 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
  299. 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
  300. 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
  301. 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
  302. 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
  303. 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
  304. 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
  305. 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
  306. 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
  307. 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
  308. 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
  309. 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
  310. 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
  311. 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
  312. 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
  313. 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
  314. 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
  315. 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
  316. 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
  317. 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
  318. 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
  319. 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
  320. 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
  321. };
  322. #ifndef OPENSSL_NO_EC
  323. /*
  324. * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
  325. * structure.
  326. */
  327. static const unsigned char kExampleECKeyDER[] = {
  328. 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
  329. 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
  330. 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
  331. 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
  332. 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
  333. 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
  334. 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
  335. 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
  336. 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
  337. 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
  338. 0xc1,
  339. };
  340. /*
  341. * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
  342. * structure. The private key is equal to the order and will fail to import
  343. */
  344. static const unsigned char kExampleBadECKeyDER[] = {
  345. 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
  346. 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
  347. 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
  348. 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  349. 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
  350. 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
  351. 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
  352. 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
  353. 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
  354. };
  355. /* prime256v1 */
  356. static const unsigned char kExampleECPubKeyDER[] = {
  357. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  358. 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  359. 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
  360. 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
  361. 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
  362. 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
  363. 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
  364. 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
  365. };
  366. /*
  367. * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
  368. * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
  369. */
  370. static const unsigned char kExampleBadECPubKeyDER[] = {
  371. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  372. 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  373. 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
  374. 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
  375. 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
  376. 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
  377. 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
  378. 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
  379. };
  380. static const unsigned char pExampleECParamDER[] = {
  381. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
  382. };
  383. static const unsigned char kExampleED25519KeyDER[] = {
  384. 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
  385. 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
  386. 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
  387. 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
  388. };
  389. static const unsigned char kExampleED25519PubKeyDER[] = {
  390. 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
  391. 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
  392. 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
  393. 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
  394. };
  395. # ifndef OPENSSL_NO_DEPRECATED_3_0
  396. static const unsigned char kExampleX25519KeyDER[] = {
  397. 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
  398. 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
  399. 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
  400. 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
  401. };
  402. # endif
  403. #endif
  404. /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
  405. #ifndef OPENSSL_NO_DEPRECATED_3_0
  406. # ifndef OPENSSL_NO_DH
  407. static const unsigned char kExampleDHKeyDER[] = {
  408. 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
  409. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
  410. 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
  411. 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
  412. 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
  413. 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
  414. 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
  415. 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
  416. 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
  417. 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
  418. 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
  419. 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
  420. 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
  421. 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
  422. 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
  423. 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
  424. 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
  425. 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
  426. 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
  427. 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
  428. 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
  429. 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
  430. 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
  431. 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
  432. 0x2e, 0x87, 0x2a, 0x0b, 0x7a
  433. };
  434. # endif
  435. #endif
  436. static const unsigned char kCFBDefaultKey[] = {
  437. 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
  438. 0x09, 0xCF, 0x4F, 0x3C
  439. };
  440. static const unsigned char kGCMDefaultKey[32] = { 0 };
  441. static const unsigned char kGCMResetKey[] = {
  442. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
  443. 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  444. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
  445. };
  446. static const unsigned char iCFBIV[] = {
  447. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
  448. 0x0C, 0x0D, 0x0E, 0x0F
  449. };
  450. static const unsigned char iGCMDefaultIV[12] = { 0 };
  451. static const unsigned char iGCMResetIV1[] = {
  452. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
  453. };
  454. static const unsigned char iGCMResetIV2[] = {
  455. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
  456. };
  457. static const unsigned char cfbPlaintext[] = {
  458. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
  459. 0x73, 0x93, 0x17, 0x2A
  460. };
  461. static const unsigned char gcmDefaultPlaintext[16] = { 0 };
  462. static const unsigned char gcmResetPlaintext[] = {
  463. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
  464. 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  465. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
  466. 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  467. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
  468. };
  469. static const unsigned char cfbCiphertext[] = {
  470. 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
  471. 0xE8, 0x3C, 0xFB, 0x4A
  472. };
  473. static const unsigned char gcmDefaultCiphertext[] = {
  474. 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
  475. 0xba, 0xf3, 0x9d, 0x18
  476. };
  477. static const unsigned char gcmResetCiphertext1[] = {
  478. 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
  479. 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
  480. 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
  481. 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
  482. 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
  483. };
  484. static const unsigned char gcmResetCiphertext2[] = {
  485. 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
  486. 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
  487. 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
  488. 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
  489. 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
  490. };
  491. static const unsigned char gcmAAD[] = {
  492. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
  493. 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
  494. };
  495. static const unsigned char gcmDefaultTag[] = {
  496. 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
  497. 0xd4, 0x8a, 0xb9, 0x19
  498. };
  499. static const unsigned char gcmResetTag1[] = {
  500. 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
  501. 0xfe, 0x2e, 0xa8, 0xf2
  502. };
  503. static const unsigned char gcmResetTag2[] = {
  504. 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
  505. 0xbb, 0x2d, 0x55, 0x1b
  506. };
  507. typedef struct APK_DATA_st {
  508. const unsigned char *kder;
  509. size_t size;
  510. const char *keytype;
  511. int evptype;
  512. int check;
  513. int pub_check;
  514. int param_check;
  515. int type; /* 0 for private, 1 for public, 2 for params */
  516. } APK_DATA;
  517. static APK_DATA keydata[] = {
  518. {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
  519. {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
  520. #ifndef OPENSSL_NO_EC
  521. {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
  522. #endif
  523. };
  524. static APK_DATA keycheckdata[] = {
  525. {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
  526. 0},
  527. {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
  528. 0, 1, 1, 0},
  529. {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
  530. 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
  531. #ifndef OPENSSL_NO_EC
  532. {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
  533. /* group is also associated in our pub key */
  534. {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
  535. 1, 1},
  536. {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
  537. 2},
  538. {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
  539. EVP_PKEY_ED25519, 1, 1, 1, 0},
  540. {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
  541. EVP_PKEY_ED25519, 0, 1, 1, 1},
  542. #endif
  543. };
  544. static EVP_PKEY *load_example_key(const char *keytype,
  545. const unsigned char *data, size_t data_len)
  546. {
  547. const unsigned char **pdata = &data;
  548. EVP_PKEY *pkey = NULL;
  549. OSSL_DECODER_CTX *dctx =
  550. OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
  551. testctx, testpropq);
  552. /* |pkey| will be NULL on error */
  553. (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
  554. OSSL_DECODER_CTX_free(dctx);
  555. return pkey;
  556. }
  557. static EVP_PKEY *load_example_rsa_key(void)
  558. {
  559. return load_example_key("RSA", kExampleRSAKeyDER,
  560. sizeof(kExampleRSAKeyDER));
  561. }
  562. #ifndef OPENSSL_NO_DSA
  563. static EVP_PKEY *load_example_dsa_key(void)
  564. {
  565. return load_example_key("DSA", kExampleDSAKeyDER,
  566. sizeof(kExampleDSAKeyDER));
  567. }
  568. #endif
  569. #ifndef OPENSSL_NO_EC
  570. static EVP_PKEY *load_example_ec_key(void)
  571. {
  572. return load_example_key("EC", kExampleECKeyDER,
  573. sizeof(kExampleECKeyDER));
  574. }
  575. #endif
  576. #ifndef OPENSSL_NO_DEPRECATED_3_0
  577. # ifndef OPENSSL_NO_DH
  578. static EVP_PKEY *load_example_dh_key(void)
  579. {
  580. return load_example_key("DH", kExampleDHKeyDER,
  581. sizeof(kExampleDHKeyDER));
  582. }
  583. # endif
  584. # ifndef OPENSSL_NO_EC
  585. static EVP_PKEY *load_example_ed25519_key(void)
  586. {
  587. return load_example_key("ED25519", kExampleED25519KeyDER,
  588. sizeof(kExampleED25519KeyDER));
  589. }
  590. static EVP_PKEY *load_example_x25519_key(void)
  591. {
  592. return load_example_key("X25519", kExampleX25519KeyDER,
  593. sizeof(kExampleX25519KeyDER));
  594. }
  595. # endif
  596. #endif /* OPENSSL_NO_DEPRECATED_3_0 */
  597. static EVP_PKEY *load_example_hmac_key(void)
  598. {
  599. EVP_PKEY *pkey = NULL;
  600. unsigned char key[] = {
  601. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  602. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  603. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  604. };
  605. pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
  606. NULL, key, sizeof(key));
  607. if (!TEST_ptr(pkey))
  608. return NULL;
  609. return pkey;
  610. }
  611. static int test_EVP_set_default_properties(void)
  612. {
  613. OSSL_LIB_CTX *ctx;
  614. EVP_MD *md = NULL;
  615. int res = 0;
  616. if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
  617. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
  618. goto err;
  619. EVP_MD_free(md);
  620. md = NULL;
  621. if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
  622. || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
  623. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
  624. goto err;
  625. EVP_MD_free(md);
  626. md = NULL;
  627. if (!TEST_true(EVP_set_default_properties(ctx, NULL))
  628. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
  629. goto err;
  630. res = 1;
  631. err:
  632. EVP_MD_free(md);
  633. OSSL_LIB_CTX_free(ctx);
  634. return res;
  635. }
  636. #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
  637. static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
  638. {
  639. EVP_PKEY_CTX *pctx = NULL;
  640. EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
  641. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
  642. goto err;
  643. if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
  644. || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
  645. params), 0))
  646. goto err;
  647. if (!TEST_ptr(tmp_pkey))
  648. goto err;
  649. pkey = tmp_pkey;
  650. tmp_pkey = NULL;
  651. err:
  652. EVP_PKEY_free(tmp_pkey);
  653. EVP_PKEY_CTX_free(pctx);
  654. return pkey;
  655. }
  656. static int test_selection(EVP_PKEY *pkey, int selection)
  657. {
  658. int testresult = 0;
  659. int ret;
  660. BIO *bio = BIO_new(BIO_s_mem());
  661. ret = PEM_write_bio_PUBKEY(bio, pkey);
  662. if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
  663. if (!TEST_true(ret))
  664. goto err;
  665. } else {
  666. if (!TEST_false(ret))
  667. goto err;
  668. }
  669. ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
  670. testctx, NULL);
  671. if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
  672. if (!TEST_true(ret))
  673. goto err;
  674. } else {
  675. if (!TEST_false(ret))
  676. goto err;
  677. }
  678. testresult = 1;
  679. err:
  680. BIO_free(bio);
  681. return testresult;
  682. }
  683. #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
  684. /*
  685. * Test combinations of private, public, missing and private + public key
  686. * params to ensure they are all accepted
  687. */
  688. #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
  689. static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
  690. {
  691. OSSL_PARAM_BLD *bld = NULL;
  692. OSSL_PARAM *params = NULL;
  693. EVP_PKEY *just_params = NULL;
  694. EVP_PKEY *params_and_priv = NULL;
  695. EVP_PKEY *params_and_pub = NULL;
  696. EVP_PKEY *params_and_keypair = NULL;
  697. BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
  698. int ret = 0;
  699. /*
  700. * Setup the parameters for our pkey object. For our purposes they don't
  701. * have to actually be *valid* parameters. We just need to set something.
  702. */
  703. if (!TEST_ptr(p = BN_new())
  704. || !TEST_ptr(q = BN_new())
  705. || !TEST_ptr(g = BN_new())
  706. || !TEST_ptr(pub = BN_new())
  707. || !TEST_ptr(priv = BN_new()))
  708. goto err;
  709. /* Test !priv and !pub */
  710. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  711. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  712. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  713. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
  714. goto err;
  715. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  716. || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
  717. goto err;
  718. OSSL_PARAM_free(params);
  719. OSSL_PARAM_BLD_free(bld);
  720. params = NULL;
  721. bld = NULL;
  722. if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
  723. || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
  724. goto err;
  725. /* Test priv and !pub */
  726. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  727. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  728. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  729. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
  730. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  731. priv)))
  732. goto err;
  733. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  734. || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
  735. goto err;
  736. OSSL_PARAM_free(params);
  737. OSSL_PARAM_BLD_free(bld);
  738. params = NULL;
  739. bld = NULL;
  740. if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
  741. || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
  742. goto err;
  743. /* Test !priv and pub */
  744. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  745. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  746. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  747. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
  748. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
  749. pub)))
  750. goto err;
  751. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  752. || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
  753. goto err;
  754. OSSL_PARAM_free(params);
  755. OSSL_PARAM_BLD_free(bld);
  756. params = NULL;
  757. bld = NULL;
  758. if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
  759. || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
  760. goto err;
  761. /* Test priv and pub */
  762. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  763. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  764. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  765. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
  766. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
  767. pub))
  768. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  769. priv)))
  770. goto err;
  771. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  772. || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
  773. goto err;
  774. if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
  775. goto err;
  776. ret = 1;
  777. err:
  778. OSSL_PARAM_free(params);
  779. OSSL_PARAM_BLD_free(bld);
  780. EVP_PKEY_free(just_params);
  781. EVP_PKEY_free(params_and_priv);
  782. EVP_PKEY_free(params_and_pub);
  783. EVP_PKEY_free(params_and_keypair);
  784. BN_free(p);
  785. BN_free(q);
  786. BN_free(g);
  787. BN_free(pub);
  788. BN_free(priv);
  789. return ret;
  790. }
  791. #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
  792. /*
  793. * Test combinations of private, public, missing and private + public key
  794. * params to ensure they are all accepted for EC keys
  795. */
  796. #ifndef OPENSSL_NO_EC
  797. static unsigned char ec_priv[] = {
  798. 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
  799. 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
  800. 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
  801. };
  802. static unsigned char ec_pub[] = {
  803. 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
  804. 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
  805. 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
  806. 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
  807. 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
  808. 0x08, 0x09, 0xb8, 0xdb, 0x03
  809. };
  810. static int test_EC_priv_pub(void)
  811. {
  812. OSSL_PARAM_BLD *bld = NULL;
  813. OSSL_PARAM *params = NULL;
  814. EVP_PKEY *just_params = NULL;
  815. EVP_PKEY *params_and_priv = NULL;
  816. EVP_PKEY *params_and_pub = NULL;
  817. EVP_PKEY *params_and_keypair = NULL;
  818. BIGNUM *priv = NULL;
  819. int ret = 0;
  820. unsigned char *encoded = NULL;
  821. /*
  822. * Setup the parameters for our pkey object. For our purposes they don't
  823. * have to actually be *valid* parameters. We just need to set something.
  824. */
  825. if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
  826. goto err;
  827. /* Test !priv and !pub */
  828. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  829. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  830. OSSL_PKEY_PARAM_GROUP_NAME,
  831. "P-256", 0)))
  832. goto err;
  833. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  834. || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
  835. goto err;
  836. OSSL_PARAM_free(params);
  837. OSSL_PARAM_BLD_free(bld);
  838. params = NULL;
  839. bld = NULL;
  840. if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
  841. || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
  842. goto err;
  843. /* Test priv and !pub */
  844. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  845. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  846. OSSL_PKEY_PARAM_GROUP_NAME,
  847. "P-256", 0))
  848. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  849. priv)))
  850. goto err;
  851. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  852. || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
  853. goto err;
  854. OSSL_PARAM_free(params);
  855. OSSL_PARAM_BLD_free(bld);
  856. params = NULL;
  857. bld = NULL;
  858. /*
  859. * We indicate only parameters here, in spite of having built a key that
  860. * has a private part, because the PEM_write_bio_PrivateKey_ex call is
  861. * expected to fail because it does not support exporting a private EC
  862. * key without a corresponding public key
  863. */
  864. if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
  865. || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
  866. goto err;
  867. /* Test !priv and pub */
  868. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  869. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  870. OSSL_PKEY_PARAM_GROUP_NAME,
  871. "P-256", 0))
  872. || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
  873. OSSL_PKEY_PARAM_PUB_KEY,
  874. ec_pub, sizeof(ec_pub))))
  875. goto err;
  876. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  877. || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
  878. goto err;
  879. OSSL_PARAM_free(params);
  880. OSSL_PARAM_BLD_free(bld);
  881. params = NULL;
  882. bld = NULL;
  883. if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
  884. || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
  885. goto err;
  886. /* Test priv and pub */
  887. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  888. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  889. OSSL_PKEY_PARAM_GROUP_NAME,
  890. "P-256", 0))
  891. || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
  892. OSSL_PKEY_PARAM_PUB_KEY,
  893. ec_pub, sizeof(ec_pub)))
  894. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  895. priv)))
  896. goto err;
  897. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  898. || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
  899. goto err;
  900. if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
  901. goto err;
  902. /* Try key equality */
  903. if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
  904. || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
  905. 0)
  906. || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
  907. 0)
  908. || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
  909. 0)
  910. || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
  911. || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
  912. || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
  913. || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
  914. goto err;
  915. /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
  916. if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
  917. goto err;
  918. OPENSSL_free(encoded);
  919. encoded = NULL;
  920. if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
  921. OPENSSL_free(encoded);
  922. encoded = NULL;
  923. goto err;
  924. }
  925. ret = 1;
  926. err:
  927. OSSL_PARAM_free(params);
  928. OSSL_PARAM_BLD_free(bld);
  929. EVP_PKEY_free(just_params);
  930. EVP_PKEY_free(params_and_priv);
  931. EVP_PKEY_free(params_and_pub);
  932. EVP_PKEY_free(params_and_keypair);
  933. BN_free(priv);
  934. return ret;
  935. }
  936. /* Test that using a legacy EC key with only a private key in it works */
  937. # ifndef OPENSSL_NO_DEPRECATED_3_0
  938. static int test_EC_priv_only_legacy(void)
  939. {
  940. BIGNUM *priv = NULL;
  941. int ret = 0;
  942. EC_KEY *eckey = NULL;
  943. EVP_PKEY *pkey = NULL, *dup_pk = NULL;
  944. EVP_MD_CTX *ctx = NULL;
  945. /* Create the low level EC_KEY */
  946. if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
  947. goto err;
  948. eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  949. if (!TEST_ptr(eckey))
  950. goto err;
  951. if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
  952. goto err;
  953. pkey = EVP_PKEY_new();
  954. if (!TEST_ptr(pkey))
  955. goto err;
  956. if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
  957. goto err;
  958. eckey = NULL;
  959. while (dup_pk == NULL) {
  960. ret = 0;
  961. ctx = EVP_MD_CTX_new();
  962. if (!TEST_ptr(ctx))
  963. goto err;
  964. /*
  965. * The EVP_DigestSignInit function should create the key on the
  966. * provider side which is sufficient for this test.
  967. */
  968. if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
  969. testpropq, pkey, NULL)))
  970. goto err;
  971. EVP_MD_CTX_free(ctx);
  972. ctx = NULL;
  973. if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
  974. goto err;
  975. /* EVP_PKEY_eq() returns -2 with missing public keys */
  976. ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
  977. EVP_PKEY_free(pkey);
  978. pkey = dup_pk;
  979. if (!ret)
  980. goto err;
  981. }
  982. err:
  983. EVP_MD_CTX_free(ctx);
  984. EVP_PKEY_free(pkey);
  985. EC_KEY_free(eckey);
  986. BN_free(priv);
  987. return ret;
  988. }
  989. # endif /* OPENSSL_NO_DEPRECATED_3_0 */
  990. #endif /* OPENSSL_NO_EC */
  991. static int test_EVP_PKEY_sign(int tst)
  992. {
  993. int ret = 0;
  994. EVP_PKEY *pkey = NULL;
  995. unsigned char *sig = NULL;
  996. size_t sig_len = 0, shortsig_len = 1;
  997. EVP_PKEY_CTX *ctx = NULL;
  998. unsigned char tbs[] = {
  999. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  1000. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
  1001. };
  1002. if (tst == 0) {
  1003. if (!TEST_ptr(pkey = load_example_rsa_key()))
  1004. goto out;
  1005. } else if (tst == 1) {
  1006. #ifndef OPENSSL_NO_DSA
  1007. if (!TEST_ptr(pkey = load_example_dsa_key()))
  1008. goto out;
  1009. #else
  1010. ret = 1;
  1011. goto out;
  1012. #endif
  1013. } else {
  1014. #ifndef OPENSSL_NO_EC
  1015. if (!TEST_ptr(pkey = load_example_ec_key()))
  1016. goto out;
  1017. #else
  1018. ret = 1;
  1019. goto out;
  1020. #endif
  1021. }
  1022. ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
  1023. if (!TEST_ptr(ctx)
  1024. || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
  1025. || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
  1026. sizeof(tbs)), 0))
  1027. goto out;
  1028. sig = OPENSSL_malloc(sig_len);
  1029. if (!TEST_ptr(sig)
  1030. /* Test sending a signature buffer that is too short is rejected */
  1031. || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
  1032. sizeof(tbs)), 0)
  1033. || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
  1034. 0)
  1035. /* Test the signature round-trips */
  1036. || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
  1037. || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
  1038. 0))
  1039. goto out;
  1040. ret = 1;
  1041. out:
  1042. EVP_PKEY_CTX_free(ctx);
  1043. OPENSSL_free(sig);
  1044. EVP_PKEY_free(pkey);
  1045. return ret;
  1046. }
  1047. /*
  1048. * n = 0 => test using legacy cipher
  1049. * n = 1 => test using fetched cipher
  1050. */
  1051. static int test_EVP_Enveloped(int n)
  1052. {
  1053. int ret = 0;
  1054. EVP_CIPHER_CTX *ctx = NULL;
  1055. EVP_PKEY *keypair = NULL;
  1056. unsigned char *kek = NULL;
  1057. unsigned char iv[EVP_MAX_IV_LENGTH];
  1058. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
  1059. int len, kek_len, ciphertext_len, plaintext_len;
  1060. unsigned char ciphertext[32], plaintext[16];
  1061. EVP_CIPHER *type = NULL;
  1062. if (nullprov != NULL)
  1063. return TEST_skip("Test does not support a non-default library context");
  1064. if (n == 0)
  1065. type = (EVP_CIPHER *)EVP_aes_256_cbc();
  1066. else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
  1067. testpropq)))
  1068. goto err;
  1069. if (!TEST_ptr(keypair = load_example_rsa_key())
  1070. || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
  1071. || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  1072. || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
  1073. &keypair, 1))
  1074. || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
  1075. msg, sizeof(msg)))
  1076. || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
  1077. &len)))
  1078. goto err;
  1079. ciphertext_len += len;
  1080. if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
  1081. || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
  1082. ciphertext, ciphertext_len))
  1083. || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
  1084. goto err;
  1085. plaintext_len += len;
  1086. if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
  1087. goto err;
  1088. ret = 1;
  1089. err:
  1090. if (n != 0)
  1091. EVP_CIPHER_free(type);
  1092. OPENSSL_free(kek);
  1093. EVP_PKEY_free(keypair);
  1094. EVP_CIPHER_CTX_free(ctx);
  1095. return ret;
  1096. }
  1097. /*
  1098. * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
  1099. * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
  1100. * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
  1101. * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
  1102. * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
  1103. * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
  1104. * Test 6: Use an MD BIO to do the Update calls instead (RSA)
  1105. * Test 7: Use an MD BIO to do the Update calls instead (DSA)
  1106. * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
  1107. * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
  1108. * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
  1109. * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
  1110. * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
  1111. * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
  1112. * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
  1113. * Test 15-29: Same as above with reinitialization
  1114. */
  1115. static int test_EVP_DigestSignInit(int tst)
  1116. {
  1117. int ret = 0;
  1118. EVP_PKEY *pkey = NULL;
  1119. unsigned char *sig = NULL, *sig2 = NULL;
  1120. size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
  1121. EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
  1122. EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
  1123. BIO *mdbio = NULL, *membio = NULL;
  1124. size_t written;
  1125. const EVP_MD *md;
  1126. EVP_MD *mdexp = NULL;
  1127. int reinit = 0;
  1128. if (nullprov != NULL)
  1129. return TEST_skip("Test does not support a non-default library context");
  1130. if (tst >= 15) {
  1131. reinit = 1;
  1132. tst -= 15;
  1133. }
  1134. if (tst >= 6 && tst <= 8) {
  1135. membio = BIO_new(BIO_s_mem());
  1136. mdbio = BIO_new(BIO_f_md());
  1137. if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
  1138. goto out;
  1139. BIO_push(mdbio, membio);
  1140. if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
  1141. goto out;
  1142. } else {
  1143. if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
  1144. || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
  1145. goto out;
  1146. }
  1147. if (tst % 3 == 0) {
  1148. if (!TEST_ptr(pkey = load_example_rsa_key()))
  1149. goto out;
  1150. } else if (tst % 3 == 1) {
  1151. #ifndef OPENSSL_NO_DSA
  1152. if (!TEST_ptr(pkey = load_example_dsa_key()))
  1153. goto out;
  1154. #else
  1155. ret = 1;
  1156. goto out;
  1157. #endif
  1158. } else {
  1159. if (!TEST_ptr(pkey = load_example_hmac_key()))
  1160. goto out;
  1161. }
  1162. if (tst >= 3 && tst <= 5)
  1163. md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
  1164. else
  1165. md = EVP_sha256();
  1166. if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
  1167. goto out;
  1168. if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
  1169. goto out;
  1170. if (tst >= 6 && tst <= 8) {
  1171. if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
  1172. goto out;
  1173. } else if (tst < 6) {
  1174. if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
  1175. goto out;
  1176. }
  1177. if (tst >= 9) {
  1178. /* Determine the size of the signature. */
  1179. if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
  1180. sizeof(kMsg)))
  1181. || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
  1182. goto out;
  1183. if (tst <= 11) {
  1184. /* Test that supply a short sig buffer fails */
  1185. if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
  1186. sizeof(kMsg))))
  1187. goto out;
  1188. /*
  1189. * We end here because once EVP_DigestSign() has failed you should
  1190. * not call it again without re-initing the ctx
  1191. */
  1192. ret = 1;
  1193. goto out;
  1194. }
  1195. if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
  1196. sizeof(kMsg))))
  1197. goto out;
  1198. } else {
  1199. /* Determine the size of the signature. */
  1200. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
  1201. || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
  1202. /*
  1203. * Trying to create a signature with a deliberately short
  1204. * buffer should fail.
  1205. */
  1206. || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
  1207. || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
  1208. goto out;
  1209. }
  1210. /*
  1211. * Ensure that the signature round-trips (Verification isn't supported for
  1212. * HMAC via EVP_DigestVerify*)
  1213. */
  1214. if (tst % 3 != 2) {
  1215. if (tst >= 6 && tst <= 8) {
  1216. if (!TEST_int_gt(BIO_reset(mdbio), 0)
  1217. || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
  1218. goto out;
  1219. }
  1220. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
  1221. NULL, pkey)))
  1222. goto out;
  1223. if (tst >= 6 && tst <= 8) {
  1224. if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
  1225. goto out;
  1226. } else {
  1227. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
  1228. sizeof(kMsg))))
  1229. goto out;
  1230. }
  1231. if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
  1232. goto out;
  1233. /* Multiple calls to EVP_DigestVerifyFinal should work */
  1234. if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
  1235. goto out;
  1236. } else {
  1237. /*
  1238. * For HMAC a doubled call to DigestSignFinal should produce the same
  1239. * value as finalization should not happen.
  1240. */
  1241. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
  1242. || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
  1243. || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
  1244. goto out;
  1245. if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
  1246. goto out;
  1247. }
  1248. ret = 1;
  1249. out:
  1250. BIO_free(membio);
  1251. BIO_free(mdbio);
  1252. EVP_MD_CTX_free(a_md_ctx);
  1253. EVP_MD_CTX_free(a_md_ctx_verify);
  1254. EVP_PKEY_free(pkey);
  1255. OPENSSL_free(sig);
  1256. OPENSSL_free(sig2);
  1257. EVP_MD_free(mdexp);
  1258. return ret;
  1259. }
  1260. static int test_EVP_DigestVerifyInit(void)
  1261. {
  1262. int ret = 0;
  1263. EVP_PKEY *pkey = NULL;
  1264. EVP_MD_CTX *md_ctx = NULL;
  1265. if (nullprov != NULL)
  1266. return TEST_skip("Test does not support a non-default library context");
  1267. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
  1268. || !TEST_ptr(pkey = load_example_rsa_key()))
  1269. goto out;
  1270. if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
  1271. || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1272. || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
  1273. sizeof(kSignature)), 0))
  1274. goto out;
  1275. /* test with reinitialization */
  1276. if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
  1277. || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1278. || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
  1279. sizeof(kSignature)), 0))
  1280. goto out;
  1281. ret = 1;
  1282. out:
  1283. EVP_MD_CTX_free(md_ctx);
  1284. EVP_PKEY_free(pkey);
  1285. return ret;
  1286. }
  1287. #ifndef OPENSSL_NO_SIPHASH
  1288. /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
  1289. static int test_siphash_digestsign(void)
  1290. {
  1291. unsigned char key[16];
  1292. unsigned char buf[8], digest[8];
  1293. unsigned char expected[8] = {
  1294. 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
  1295. };
  1296. EVP_PKEY *pkey = NULL;
  1297. EVP_MD_CTX *mdctx = NULL;
  1298. EVP_PKEY_CTX *ctx = NULL;
  1299. int ret = 0;
  1300. size_t len = 8;
  1301. if (nullprov != NULL)
  1302. return TEST_skip("Test does not support a non-default library context");
  1303. memset(buf, 0, 8);
  1304. memset(key, 1, 16);
  1305. if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
  1306. key, 16)))
  1307. goto out;
  1308. if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
  1309. goto out;
  1310. if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
  1311. goto out;
  1312. if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
  1313. EVP_PKEY_CTRL_SET_DIGEST_SIZE,
  1314. 8, NULL), 1))
  1315. goto out;
  1316. /* reinitialize */
  1317. if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
  1318. goto out;
  1319. if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
  1320. goto out;
  1321. if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
  1322. goto out;
  1323. if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
  1324. goto out;
  1325. ret = 1;
  1326. out:
  1327. EVP_PKEY_free(pkey);
  1328. EVP_MD_CTX_free(mdctx);
  1329. return ret;
  1330. }
  1331. #endif
  1332. /*
  1333. * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
  1334. */
  1335. static int test_EVP_Digest(void)
  1336. {
  1337. int ret = 0;
  1338. EVP_MD_CTX *md_ctx = NULL;
  1339. unsigned char md[EVP_MAX_MD_SIZE];
  1340. EVP_MD *sha256 = NULL;
  1341. EVP_MD *shake256 = NULL;
  1342. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  1343. goto out;
  1344. if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
  1345. || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
  1346. goto out;
  1347. if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
  1348. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1349. || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
  1350. /* EVP_DigestFinal resets the EVP_MD_CTX. */
  1351. || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
  1352. goto out;
  1353. if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
  1354. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1355. || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
  1356. /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
  1357. || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
  1358. /*
  1359. * EVP_DigestInit_ex with NULL type should work on
  1360. * pre-initialized context.
  1361. */
  1362. || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
  1363. goto out;
  1364. if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
  1365. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1366. || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
  1367. /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
  1368. || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
  1369. || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
  1370. goto out;
  1371. ret = 1;
  1372. out:
  1373. EVP_MD_CTX_free(md_ctx);
  1374. EVP_MD_free(sha256);
  1375. EVP_MD_free(shake256);
  1376. return ret;
  1377. }
  1378. static int test_EVP_md_null(void)
  1379. {
  1380. int ret = 0;
  1381. EVP_MD_CTX *md_ctx = NULL;
  1382. const EVP_MD *md_null = EVP_md_null();
  1383. unsigned char md_value[EVP_MAX_MD_SIZE];
  1384. unsigned int md_len = sizeof(md_value);
  1385. if (nullprov != NULL)
  1386. return TEST_skip("Test does not support a non-default library context");
  1387. if (!TEST_ptr(md_null)
  1388. || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  1389. goto out;
  1390. if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
  1391. || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
  1392. || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
  1393. goto out;
  1394. if (!TEST_uint_eq(md_len, 0))
  1395. goto out;
  1396. ret = 1;
  1397. out:
  1398. EVP_MD_CTX_free(md_ctx);
  1399. return ret;
  1400. }
  1401. static int test_d2i_AutoPrivateKey(int i)
  1402. {
  1403. int ret = 0;
  1404. const unsigned char *p;
  1405. EVP_PKEY *pkey = NULL;
  1406. const APK_DATA *ak = &keydata[i];
  1407. const unsigned char *input = ak->kder;
  1408. size_t input_len = ak->size;
  1409. int expected_id = ak->evptype;
  1410. p = input;
  1411. if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
  1412. || !TEST_ptr_eq(p, input + input_len)
  1413. || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
  1414. goto done;
  1415. ret = 1;
  1416. done:
  1417. EVP_PKEY_free(pkey);
  1418. return ret;
  1419. }
  1420. #ifndef OPENSSL_NO_EC
  1421. static const unsigned char ec_public_sect163k1_validxy[] = {
  1422. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  1423. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  1424. 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  1425. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
  1426. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  1427. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
  1428. };
  1429. static const unsigned char ec_public_sect163k1_badx[] = {
  1430. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  1431. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  1432. 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  1433. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
  1434. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  1435. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
  1436. };
  1437. static const unsigned char ec_public_sect163k1_bady[] = {
  1438. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  1439. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  1440. 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  1441. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
  1442. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  1443. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
  1444. };
  1445. static struct ec_der_pub_keys_st {
  1446. const unsigned char *der;
  1447. size_t len;
  1448. int valid;
  1449. } ec_der_pub_keys[] = {
  1450. { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
  1451. { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
  1452. { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
  1453. };
  1454. /*
  1455. * Tests the range of the decoded EC char2 public point.
  1456. * See ec_GF2m_simple_oct2point().
  1457. */
  1458. static int test_invalide_ec_char2_pub_range_decode(int id)
  1459. {
  1460. int ret = 0;
  1461. EVP_PKEY *pkey;
  1462. pkey = load_example_key("EC", ec_der_pub_keys[id].der,
  1463. ec_der_pub_keys[id].len);
  1464. ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
  1465. || TEST_ptr_null(pkey);
  1466. EVP_PKEY_free(pkey);
  1467. return ret;
  1468. }
  1469. /* Tests loading a bad key in PKCS8 format */
  1470. static int test_EVP_PKCS82PKEY(void)
  1471. {
  1472. int ret = 0;
  1473. const unsigned char *derp = kExampleBadECKeyDER;
  1474. PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  1475. EVP_PKEY *pkey = NULL;
  1476. if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
  1477. sizeof(kExampleBadECKeyDER))))
  1478. goto done;
  1479. if (!TEST_ptr_eq(derp,
  1480. kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
  1481. goto done;
  1482. if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
  1483. goto done;
  1484. ret = 1;
  1485. done:
  1486. PKCS8_PRIV_KEY_INFO_free(p8inf);
  1487. EVP_PKEY_free(pkey);
  1488. return ret;
  1489. }
  1490. #endif
  1491. static int test_EVP_PKCS82PKEY_wrong_tag(void)
  1492. {
  1493. EVP_PKEY *pkey = NULL;
  1494. EVP_PKEY *pkey2 = NULL;
  1495. BIO *membio = NULL;
  1496. char *membuf = NULL;
  1497. PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  1498. int ok = 0;
  1499. if (testctx != NULL)
  1500. /* test not supported with non-default context */
  1501. return 1;
  1502. if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
  1503. || !TEST_ptr(pkey = load_example_rsa_key())
  1504. || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
  1505. NULL, 0, NULL, NULL),
  1506. 0)
  1507. || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
  1508. || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
  1509. || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
  1510. || !TEST_int_eq(ERR_peek_last_error(), 0)) {
  1511. goto done;
  1512. }
  1513. ok = 1;
  1514. done:
  1515. EVP_PKEY_free(pkey);
  1516. EVP_PKEY_free(pkey2);
  1517. PKCS8_PRIV_KEY_INFO_free(p8inf);
  1518. BIO_free_all(membio);
  1519. return ok;
  1520. }
  1521. /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
  1522. static int test_privatekey_to_pkcs8(void)
  1523. {
  1524. EVP_PKEY *pkey = NULL;
  1525. BIO *membio = NULL;
  1526. char *membuf = NULL;
  1527. long membuf_len = 0;
  1528. int ok = 0;
  1529. if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
  1530. || !TEST_ptr(pkey = load_example_rsa_key())
  1531. || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
  1532. NULL, 0, NULL, NULL),
  1533. 0)
  1534. || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
  1535. || !TEST_ptr(membuf)
  1536. || !TEST_mem_eq(membuf, (size_t)membuf_len,
  1537. kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
  1538. /*
  1539. * We try to write PEM as well, just to see that it doesn't err, but
  1540. * assume that the result is correct.
  1541. */
  1542. || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
  1543. NULL, 0, NULL, NULL),
  1544. 0))
  1545. goto done;
  1546. ok = 1;
  1547. done:
  1548. EVP_PKEY_free(pkey);
  1549. BIO_free_all(membio);
  1550. return ok;
  1551. }
  1552. #ifndef OPENSSL_NO_EC
  1553. static const struct {
  1554. int encoding;
  1555. const char *encoding_name;
  1556. } ec_encodings[] = {
  1557. { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
  1558. { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
  1559. };
  1560. static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
  1561. {
  1562. const OSSL_PARAM *p;
  1563. const char *enc_name = NULL;
  1564. int *enc = arg;
  1565. size_t i;
  1566. *enc = -1;
  1567. if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
  1568. OSSL_PKEY_PARAM_EC_ENCODING))
  1569. || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
  1570. return 0;
  1571. for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
  1572. if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
  1573. *enc = ec_encodings[i].encoding;
  1574. break;
  1575. }
  1576. }
  1577. return (*enc != -1);
  1578. }
  1579. static int test_EC_keygen_with_enc(int idx)
  1580. {
  1581. EVP_PKEY *params = NULL, *key = NULL;
  1582. EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
  1583. int enc;
  1584. int ret = 0;
  1585. enc = ec_encodings[idx].encoding;
  1586. /* Create key parameters */
  1587. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
  1588. || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
  1589. || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
  1590. || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
  1591. || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
  1592. || !TEST_ptr(params))
  1593. goto done;
  1594. /* Create key */
  1595. if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
  1596. || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
  1597. || !TEST_true(EVP_PKEY_keygen(kctx, &key))
  1598. || !TEST_ptr(key))
  1599. goto done;
  1600. /* Check that the encoding got all the way into the key */
  1601. if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
  1602. ec_export_get_encoding_cb, &enc))
  1603. || !TEST_int_eq(enc, ec_encodings[idx].encoding))
  1604. goto done;
  1605. ret = 1;
  1606. done:
  1607. EVP_PKEY_free(key);
  1608. EVP_PKEY_free(params);
  1609. EVP_PKEY_CTX_free(kctx);
  1610. EVP_PKEY_CTX_free(pctx);
  1611. return ret;
  1612. }
  1613. #endif
  1614. #if !defined(OPENSSL_NO_SM2)
  1615. static int test_EVP_SM2_verify(void)
  1616. {
  1617. const char *pubkey =
  1618. "-----BEGIN PUBLIC KEY-----\n"
  1619. "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
  1620. "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
  1621. "-----END PUBLIC KEY-----\n";
  1622. const char *msg = "message digest";
  1623. const char *id = "ALICE123@YAHOO.COM";
  1624. const uint8_t signature[] = {
  1625. 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
  1626. 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
  1627. 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
  1628. 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
  1629. 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
  1630. 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
  1631. 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
  1632. };
  1633. int rc = 0;
  1634. BIO *bio = NULL;
  1635. EVP_PKEY *pkey = NULL;
  1636. EVP_MD_CTX *mctx = NULL;
  1637. EVP_PKEY_CTX *pctx = NULL;
  1638. EVP_MD *sm3 = NULL;
  1639. bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
  1640. if (!TEST_true(bio != NULL))
  1641. goto done;
  1642. pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
  1643. if (!TEST_true(pkey != NULL))
  1644. goto done;
  1645. if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
  1646. goto done;
  1647. if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
  1648. goto done;
  1649. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
  1650. goto done;
  1651. EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
  1652. if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
  1653. goto done;
  1654. if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
  1655. goto done;
  1656. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
  1657. goto done;
  1658. if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
  1659. goto done;
  1660. if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
  1661. goto done;
  1662. rc = 1;
  1663. done:
  1664. BIO_free(bio);
  1665. EVP_PKEY_free(pkey);
  1666. EVP_PKEY_CTX_free(pctx);
  1667. EVP_MD_CTX_free(mctx);
  1668. EVP_MD_free(sm3);
  1669. return rc;
  1670. }
  1671. static int test_EVP_SM2(void)
  1672. {
  1673. int ret = 0;
  1674. EVP_PKEY *pkey = NULL;
  1675. EVP_PKEY *pkeyparams = NULL;
  1676. EVP_PKEY_CTX *pctx = NULL;
  1677. EVP_PKEY_CTX *kctx = NULL;
  1678. EVP_PKEY_CTX *sctx = NULL;
  1679. size_t sig_len = 0;
  1680. unsigned char *sig = NULL;
  1681. EVP_MD_CTX *md_ctx = NULL;
  1682. EVP_MD_CTX *md_ctx_verify = NULL;
  1683. EVP_PKEY_CTX *cctx = NULL;
  1684. EVP_MD *check_md = NULL;
  1685. uint8_t ciphertext[128];
  1686. size_t ctext_len = sizeof(ciphertext);
  1687. uint8_t plaintext[8];
  1688. size_t ptext_len = sizeof(plaintext);
  1689. uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
  1690. OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
  1691. OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
  1692. int i;
  1693. char mdname[OSSL_MAX_NAME_SIZE];
  1694. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
  1695. "SM2", testpropq)))
  1696. goto done;
  1697. if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
  1698. goto done;
  1699. if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
  1700. goto done;
  1701. if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
  1702. goto done;
  1703. if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
  1704. pkeyparams, testpropq)))
  1705. goto done;
  1706. if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
  1707. goto done;
  1708. if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
  1709. goto done;
  1710. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  1711. goto done;
  1712. if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
  1713. goto done;
  1714. if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
  1715. goto done;
  1716. EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
  1717. EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
  1718. if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
  1719. goto done;
  1720. if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
  1721. goto done;
  1722. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
  1723. goto done;
  1724. if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
  1725. goto done;
  1726. /* Determine the size of the signature. */
  1727. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
  1728. goto done;
  1729. if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
  1730. goto done;
  1731. if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
  1732. goto done;
  1733. /* Ensure that the signature round-trips. */
  1734. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
  1735. pkey)))
  1736. goto done;
  1737. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
  1738. goto done;
  1739. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
  1740. goto done;
  1741. if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
  1742. goto done;
  1743. /*
  1744. * Try verify again with non-matching 0 length id but ensure that it can
  1745. * be set on the context and overrides the previous value.
  1746. */
  1747. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
  1748. pkey)))
  1749. goto done;
  1750. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
  1751. goto done;
  1752. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
  1753. goto done;
  1754. if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
  1755. goto done;
  1756. /* now check encryption/decryption */
  1757. gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
  1758. mdname, sizeof(mdname));
  1759. for (i = 0; i < 2; i++) {
  1760. const char *mdnames[] = {
  1761. #ifndef OPENSSL_NO_SM3
  1762. "SM3",
  1763. #else
  1764. NULL,
  1765. #endif
  1766. "SHA2-256" };
  1767. EVP_PKEY_CTX_free(cctx);
  1768. if (mdnames[i] == NULL)
  1769. continue;
  1770. sparams[0] =
  1771. OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
  1772. (char *)mdnames[i], 0);
  1773. if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
  1774. pkey, testpropq)))
  1775. goto done;
  1776. if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
  1777. goto done;
  1778. if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
  1779. goto done;
  1780. if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
  1781. sizeof(kMsg))))
  1782. goto done;
  1783. if (!TEST_true(EVP_PKEY_decrypt_init(cctx)))
  1784. goto done;
  1785. if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
  1786. goto done;
  1787. if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
  1788. ctext_len), 0))
  1789. goto done;
  1790. if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
  1791. goto done;
  1792. /*
  1793. * Test we're still using the digest we think we are.
  1794. * Because of aliases, the easiest is to fetch the digest and
  1795. * check the name with EVP_MD_is_a().
  1796. */
  1797. EVP_MD_free(check_md);
  1798. if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
  1799. goto done;
  1800. if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
  1801. TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
  1802. goto done;
  1803. }
  1804. if (!TEST_true(ptext_len == sizeof(kMsg)))
  1805. goto done;
  1806. if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
  1807. goto done;
  1808. }
  1809. ret = 1;
  1810. done:
  1811. EVP_PKEY_CTX_free(pctx);
  1812. EVP_PKEY_CTX_free(kctx);
  1813. EVP_PKEY_CTX_free(sctx);
  1814. EVP_PKEY_CTX_free(cctx);
  1815. EVP_PKEY_free(pkey);
  1816. EVP_PKEY_free(pkeyparams);
  1817. EVP_MD_CTX_free(md_ctx);
  1818. EVP_MD_CTX_free(md_ctx_verify);
  1819. EVP_MD_free(check_md);
  1820. OPENSSL_free(sig);
  1821. return ret;
  1822. }
  1823. #endif
  1824. static struct keys_st {
  1825. int type;
  1826. char *priv;
  1827. char *pub;
  1828. } keys[] = {
  1829. {
  1830. EVP_PKEY_HMAC, "0123456789", NULL
  1831. },
  1832. {
  1833. EVP_PKEY_HMAC, "", NULL
  1834. #ifndef OPENSSL_NO_POLY1305
  1835. }, {
  1836. EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
  1837. #endif
  1838. #ifndef OPENSSL_NO_SIPHASH
  1839. }, {
  1840. EVP_PKEY_SIPHASH, "0123456789012345", NULL
  1841. #endif
  1842. },
  1843. #ifndef OPENSSL_NO_EC
  1844. {
  1845. EVP_PKEY_X25519, "01234567890123456789012345678901",
  1846. "abcdefghijklmnopqrstuvwxyzabcdef"
  1847. }, {
  1848. EVP_PKEY_ED25519, "01234567890123456789012345678901",
  1849. "abcdefghijklmnopqrstuvwxyzabcdef"
  1850. }, {
  1851. EVP_PKEY_X448,
  1852. "01234567890123456789012345678901234567890123456789012345",
  1853. "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
  1854. }, {
  1855. EVP_PKEY_ED448,
  1856. "012345678901234567890123456789012345678901234567890123456",
  1857. "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
  1858. }
  1859. #endif
  1860. };
  1861. static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
  1862. {
  1863. int ret = 0;
  1864. unsigned char buf[80];
  1865. unsigned char *in;
  1866. size_t inlen, len = 0, shortlen = 1;
  1867. EVP_PKEY *pkey;
  1868. /* Check if this algorithm supports public keys */
  1869. if (pub && keys[tst].pub == NULL)
  1870. return 1;
  1871. memset(buf, 0, sizeof(buf));
  1872. if (pub) {
  1873. #ifndef OPENSSL_NO_EC
  1874. inlen = strlen(keys[tst].pub);
  1875. in = (unsigned char *)keys[tst].pub;
  1876. if (uselibctx) {
  1877. pkey = EVP_PKEY_new_raw_public_key_ex(
  1878. testctx,
  1879. OBJ_nid2sn(keys[tst].type),
  1880. NULL,
  1881. in,
  1882. inlen);
  1883. } else {
  1884. pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
  1885. NULL,
  1886. in,
  1887. inlen);
  1888. }
  1889. #else
  1890. return 1;
  1891. #endif
  1892. } else {
  1893. inlen = strlen(keys[tst].priv);
  1894. in = (unsigned char *)keys[tst].priv;
  1895. if (uselibctx) {
  1896. pkey = EVP_PKEY_new_raw_private_key_ex(
  1897. testctx, OBJ_nid2sn(keys[tst].type),
  1898. NULL,
  1899. in,
  1900. inlen);
  1901. } else {
  1902. pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
  1903. NULL,
  1904. in,
  1905. inlen);
  1906. }
  1907. }
  1908. if (!TEST_ptr(pkey)
  1909. || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
  1910. || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
  1911. || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
  1912. || !TEST_true(len == inlen))
  1913. goto done;
  1914. if (tst != 1) {
  1915. /*
  1916. * Test that supplying a buffer that is too small fails. Doesn't apply
  1917. * to HMAC with a zero length key
  1918. */
  1919. if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
  1920. &shortlen)))
  1921. || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
  1922. &shortlen))))
  1923. goto done;
  1924. }
  1925. if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
  1926. || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
  1927. || !TEST_mem_eq(in, inlen, buf, len))
  1928. goto done;
  1929. ret = 1;
  1930. done:
  1931. EVP_PKEY_free(pkey);
  1932. return ret;
  1933. }
  1934. static int test_set_get_raw_keys(int tst)
  1935. {
  1936. return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
  1937. && test_set_get_raw_keys_int(tst, 0, 1)
  1938. && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
  1939. && test_set_get_raw_keys_int(tst, 1, 1);
  1940. }
  1941. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1942. static int pkey_custom_check(EVP_PKEY *pkey)
  1943. {
  1944. return 0xbeef;
  1945. }
  1946. static int pkey_custom_pub_check(EVP_PKEY *pkey)
  1947. {
  1948. return 0xbeef;
  1949. }
  1950. static int pkey_custom_param_check(EVP_PKEY *pkey)
  1951. {
  1952. return 0xbeef;
  1953. }
  1954. static EVP_PKEY_METHOD *custom_pmeth;
  1955. #endif
  1956. static int test_EVP_PKEY_check(int i)
  1957. {
  1958. int ret = 0;
  1959. EVP_PKEY *pkey = NULL;
  1960. EVP_PKEY_CTX *ctx = NULL;
  1961. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1962. EVP_PKEY_CTX *ctx2 = NULL;
  1963. #endif
  1964. const APK_DATA *ak = &keycheckdata[i];
  1965. const unsigned char *input = ak->kder;
  1966. size_t input_len = ak->size;
  1967. int expected_id = ak->evptype;
  1968. int expected_check = ak->check;
  1969. int expected_pub_check = ak->pub_check;
  1970. int expected_param_check = ak->param_check;
  1971. int type = ak->type;
  1972. if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
  1973. goto done;
  1974. if (type == 0
  1975. && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
  1976. goto done;
  1977. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
  1978. goto done;
  1979. if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
  1980. goto done;
  1981. if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
  1982. goto done;
  1983. if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
  1984. goto done;
  1985. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1986. ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
  1987. /* assign the pkey directly, as an internal test */
  1988. EVP_PKEY_up_ref(pkey);
  1989. ctx2->pkey = pkey;
  1990. if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
  1991. goto done;
  1992. if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
  1993. goto done;
  1994. if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
  1995. goto done;
  1996. #endif
  1997. ret = 1;
  1998. done:
  1999. EVP_PKEY_CTX_free(ctx);
  2000. #ifndef OPENSSL_NO_DEPRECATED_3_0
  2001. EVP_PKEY_CTX_free(ctx2);
  2002. #endif
  2003. EVP_PKEY_free(pkey);
  2004. return ret;
  2005. }
  2006. #ifndef OPENSSL_NO_CMAC
  2007. static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
  2008. {
  2009. EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
  2010. const char msg[] = "Hello World";
  2011. size_t maclen = AES_BLOCK_SIZE;
  2012. int ret = 1;
  2013. if (!TEST_ptr(mdctx)
  2014. || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
  2015. testpropq, pkey, NULL))
  2016. || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
  2017. || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
  2018. || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
  2019. ret = 0;
  2020. EVP_MD_CTX_free(mdctx);
  2021. return ret;
  2022. }
  2023. static int test_CMAC_keygen(void)
  2024. {
  2025. static unsigned char key[] = {
  2026. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  2027. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  2028. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  2029. };
  2030. EVP_PKEY_CTX *kctx = NULL;
  2031. int ret = 0;
  2032. EVP_PKEY *pkey = NULL;
  2033. unsigned char mac[AES_BLOCK_SIZE];
  2034. # if !defined(OPENSSL_NO_DEPRECATED_3_0)
  2035. unsigned char mac2[AES_BLOCK_SIZE];
  2036. # endif
  2037. if (nullprov != NULL)
  2038. return TEST_skip("Test does not support a non-default library context");
  2039. /*
  2040. * This is a legacy method for CMACs, but should still work.
  2041. * This verifies that it works without an ENGINE.
  2042. */
  2043. kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
  2044. /* Test a CMAC key created using the "generated" method */
  2045. if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
  2046. || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
  2047. EVP_PKEY_CTRL_CIPHER,
  2048. 0, (void *)EVP_aes_256_cbc()), 0)
  2049. || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
  2050. EVP_PKEY_CTRL_SET_MAC_KEY,
  2051. sizeof(key), (void *)key), 0)
  2052. || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
  2053. || !TEST_ptr(pkey)
  2054. || !TEST_true(get_cmac_val(pkey, mac)))
  2055. goto done;
  2056. # if !defined(OPENSSL_NO_DEPRECATED_3_0)
  2057. EVP_PKEY_free(pkey);
  2058. /*
  2059. * Test a CMAC key using the direct method, and compare with the mac
  2060. * created above.
  2061. */
  2062. pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
  2063. if (!TEST_ptr(pkey)
  2064. || !TEST_true(get_cmac_val(pkey, mac2))
  2065. || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
  2066. goto done;
  2067. # endif
  2068. ret = 1;
  2069. done:
  2070. EVP_PKEY_free(pkey);
  2071. EVP_PKEY_CTX_free(kctx);
  2072. return ret;
  2073. }
  2074. #endif
  2075. static int test_HKDF(void)
  2076. {
  2077. EVP_PKEY_CTX *pctx;
  2078. unsigned char out[20];
  2079. size_t outlen;
  2080. int i, ret = 0;
  2081. unsigned char salt[] = "0123456789";
  2082. unsigned char key[] = "012345678901234567890123456789";
  2083. unsigned char info[] = "infostring";
  2084. const unsigned char expected[] = {
  2085. 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
  2086. 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
  2087. };
  2088. size_t expectedlen = sizeof(expected);
  2089. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
  2090. goto done;
  2091. /* We do this twice to test reuse of the EVP_PKEY_CTX */
  2092. for (i = 0; i < 2; i++) {
  2093. outlen = sizeof(out);
  2094. memset(out, 0, outlen);
  2095. if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
  2096. || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
  2097. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
  2098. sizeof(salt) - 1), 0)
  2099. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
  2100. sizeof(key) - 1), 0)
  2101. || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
  2102. sizeof(info) - 1), 0)
  2103. || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
  2104. || !TEST_mem_eq(out, outlen, expected, expectedlen))
  2105. goto done;
  2106. }
  2107. ret = 1;
  2108. done:
  2109. EVP_PKEY_CTX_free(pctx);
  2110. return ret;
  2111. }
  2112. static int test_emptyikm_HKDF(void)
  2113. {
  2114. EVP_PKEY_CTX *pctx;
  2115. unsigned char out[20];
  2116. size_t outlen;
  2117. int ret = 0;
  2118. unsigned char salt[] = "9876543210";
  2119. unsigned char key[] = "";
  2120. unsigned char info[] = "stringinfo";
  2121. const unsigned char expected[] = {
  2122. 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
  2123. 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
  2124. };
  2125. size_t expectedlen = sizeof(expected);
  2126. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
  2127. goto done;
  2128. outlen = sizeof(out);
  2129. memset(out, 0, outlen);
  2130. if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
  2131. || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
  2132. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
  2133. sizeof(salt) - 1), 0)
  2134. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
  2135. sizeof(key) - 1), 0)
  2136. || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
  2137. sizeof(info) - 1), 0)
  2138. || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
  2139. || !TEST_mem_eq(out, outlen, expected, expectedlen))
  2140. goto done;
  2141. ret = 1;
  2142. done:
  2143. EVP_PKEY_CTX_free(pctx);
  2144. return ret;
  2145. }
  2146. #ifndef OPENSSL_NO_EC
  2147. static int test_X509_PUBKEY_inplace(void)
  2148. {
  2149. int ret = 0;
  2150. X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
  2151. const unsigned char *p = kExampleECPubKeyDER;
  2152. size_t input_len = sizeof(kExampleECPubKeyDER);
  2153. if (!TEST_ptr(xp))
  2154. goto done;
  2155. if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
  2156. goto done;
  2157. if (!TEST_ptr(X509_PUBKEY_get0(xp)))
  2158. goto done;
  2159. p = kExampleBadECPubKeyDER;
  2160. input_len = sizeof(kExampleBadECPubKeyDER);
  2161. if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
  2162. goto done;
  2163. if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
  2164. goto done;
  2165. ret = 1;
  2166. done:
  2167. X509_PUBKEY_free(xp);
  2168. return ret;
  2169. }
  2170. static int test_X509_PUBKEY_dup(void)
  2171. {
  2172. int ret = 0;
  2173. X509_PUBKEY *xp = NULL, *xq = NULL;
  2174. const unsigned char *p = kExampleECPubKeyDER;
  2175. size_t input_len = sizeof(kExampleECPubKeyDER);
  2176. xp = X509_PUBKEY_new_ex(testctx, testpropq);
  2177. if (!TEST_ptr(xp)
  2178. || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
  2179. || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
  2180. || !TEST_ptr_ne(xp, xq))
  2181. goto done;
  2182. if (!TEST_ptr(X509_PUBKEY_get0(xq))
  2183. || !TEST_ptr(X509_PUBKEY_get0(xp))
  2184. || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
  2185. goto done;
  2186. X509_PUBKEY_free(xq);
  2187. xq = NULL;
  2188. p = kExampleBadECPubKeyDER;
  2189. input_len = sizeof(kExampleBadECPubKeyDER);
  2190. if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
  2191. || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
  2192. goto done;
  2193. X509_PUBKEY_free(xp);
  2194. xp = NULL;
  2195. if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
  2196. goto done;
  2197. ret = 1;
  2198. done:
  2199. X509_PUBKEY_free(xp);
  2200. X509_PUBKEY_free(xq);
  2201. return ret;
  2202. }
  2203. #endif /* OPENSSL_NO_EC */
  2204. /* Test getting and setting parameters on an EVP_PKEY_CTX */
  2205. static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
  2206. {
  2207. EVP_MD_CTX *mdctx = NULL;
  2208. EVP_PKEY_CTX *ctx = NULL;
  2209. const OSSL_PARAM *params;
  2210. OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
  2211. int ret = 0;
  2212. const EVP_MD *md;
  2213. char mdname[OSSL_MAX_NAME_SIZE];
  2214. char ssl3ms[48];
  2215. /* Initialise a sign operation */
  2216. ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
  2217. if (!TEST_ptr(ctx)
  2218. || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
  2219. goto err;
  2220. /*
  2221. * We should be able to query the parameters now.
  2222. */
  2223. params = EVP_PKEY_CTX_settable_params(ctx);
  2224. if (!TEST_ptr(params)
  2225. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  2226. OSSL_SIGNATURE_PARAM_DIGEST)))
  2227. goto err;
  2228. params = EVP_PKEY_CTX_gettable_params(ctx);
  2229. if (!TEST_ptr(params)
  2230. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  2231. OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
  2232. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  2233. OSSL_SIGNATURE_PARAM_DIGEST)))
  2234. goto err;
  2235. /*
  2236. * Test getting and setting params via EVP_PKEY_CTX_set_params() and
  2237. * EVP_PKEY_CTX_get_params()
  2238. */
  2239. strcpy(mdname, "SHA512");
  2240. param_md = param;
  2241. *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  2242. mdname, 0);
  2243. *param++ = OSSL_PARAM_construct_end();
  2244. if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
  2245. goto err;
  2246. mdname[0] = '\0';
  2247. *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  2248. mdname, sizeof(mdname));
  2249. if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
  2250. || !TEST_str_eq(mdname, "SHA512"))
  2251. goto err;
  2252. /*
  2253. * Test the TEST_PKEY_CTX_set_signature_md() and
  2254. * TEST_PKEY_CTX_get_signature_md() functions
  2255. */
  2256. if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
  2257. || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
  2258. || !TEST_ptr_eq(md, EVP_sha256()))
  2259. goto err;
  2260. /*
  2261. * Test getting MD parameters via an associated EVP_PKEY_CTX
  2262. */
  2263. mdctx = EVP_MD_CTX_new();
  2264. if (!TEST_ptr(mdctx)
  2265. || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
  2266. pkey, NULL)))
  2267. goto err;
  2268. /*
  2269. * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
  2270. * able to obtain the digest's settable parameters from the provider.
  2271. */
  2272. params = EVP_MD_CTX_settable_params(mdctx);
  2273. if (!TEST_ptr(params)
  2274. || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
  2275. /* The final key should be NULL */
  2276. || !TEST_ptr_null(params[1].key))
  2277. goto err;
  2278. param = ourparams;
  2279. memset(ssl3ms, 0, sizeof(ssl3ms));
  2280. *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
  2281. ssl3ms, sizeof(ssl3ms));
  2282. *param++ = OSSL_PARAM_construct_end();
  2283. if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
  2284. goto err;
  2285. ret = 1;
  2286. err:
  2287. EVP_MD_CTX_free(mdctx);
  2288. EVP_PKEY_CTX_free(ctx);
  2289. return ret;
  2290. }
  2291. #ifndef OPENSSL_NO_DSA
  2292. static int test_DSA_get_set_params(void)
  2293. {
  2294. OSSL_PARAM_BLD *bld = NULL;
  2295. OSSL_PARAM *params = NULL;
  2296. BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
  2297. EVP_PKEY_CTX *pctx = NULL;
  2298. EVP_PKEY *pkey = NULL;
  2299. int ret = 0;
  2300. /*
  2301. * Setup the parameters for our DSA object. For our purposes they don't
  2302. * have to actually be *valid* parameters. We just need to set something.
  2303. */
  2304. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
  2305. || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
  2306. || !TEST_ptr(p = BN_new())
  2307. || !TEST_ptr(q = BN_new())
  2308. || !TEST_ptr(g = BN_new())
  2309. || !TEST_ptr(pub = BN_new())
  2310. || !TEST_ptr(priv = BN_new()))
  2311. goto err;
  2312. if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  2313. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  2314. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
  2315. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
  2316. pub))
  2317. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  2318. priv)))
  2319. goto err;
  2320. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
  2321. goto err;
  2322. if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
  2323. || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
  2324. params), 0))
  2325. goto err;
  2326. if (!TEST_ptr(pkey))
  2327. goto err;
  2328. ret = test_EVP_PKEY_CTX_get_set_params(pkey);
  2329. err:
  2330. EVP_PKEY_free(pkey);
  2331. EVP_PKEY_CTX_free(pctx);
  2332. OSSL_PARAM_free(params);
  2333. OSSL_PARAM_BLD_free(bld);
  2334. BN_free(p);
  2335. BN_free(q);
  2336. BN_free(g);
  2337. BN_free(pub);
  2338. BN_free(priv);
  2339. return ret;
  2340. }
  2341. /*
  2342. * Test combinations of private, public, missing and private + public key
  2343. * params to ensure they are all accepted
  2344. */
  2345. static int test_DSA_priv_pub(void)
  2346. {
  2347. return test_EVP_PKEY_ffc_priv_pub("DSA");
  2348. }
  2349. #endif /* !OPENSSL_NO_DSA */
  2350. static int test_RSA_get_set_params(void)
  2351. {
  2352. OSSL_PARAM_BLD *bld = NULL;
  2353. OSSL_PARAM *params = NULL;
  2354. BIGNUM *n = NULL, *e = NULL, *d = NULL;
  2355. EVP_PKEY_CTX *pctx = NULL;
  2356. EVP_PKEY *pkey = NULL;
  2357. int ret = 0;
  2358. /*
  2359. * Setup the parameters for our RSA object. For our purposes they don't
  2360. * have to actually be *valid* parameters. We just need to set something.
  2361. */
  2362. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
  2363. || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
  2364. || !TEST_ptr(n = BN_new())
  2365. || !TEST_ptr(e = BN_new())
  2366. || !TEST_ptr(d = BN_new()))
  2367. goto err;
  2368. if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
  2369. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
  2370. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
  2371. goto err;
  2372. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
  2373. goto err;
  2374. if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
  2375. || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
  2376. params), 0))
  2377. goto err;
  2378. if (!TEST_ptr(pkey))
  2379. goto err;
  2380. ret = test_EVP_PKEY_CTX_get_set_params(pkey);
  2381. err:
  2382. EVP_PKEY_free(pkey);
  2383. EVP_PKEY_CTX_free(pctx);
  2384. OSSL_PARAM_free(params);
  2385. OSSL_PARAM_BLD_free(bld);
  2386. BN_free(n);
  2387. BN_free(e);
  2388. BN_free(d);
  2389. return ret;
  2390. }
  2391. static int test_RSA_OAEP_set_get_params(void)
  2392. {
  2393. int ret = 0;
  2394. EVP_PKEY *key = NULL;
  2395. EVP_PKEY_CTX *key_ctx = NULL;
  2396. if (nullprov != NULL)
  2397. return TEST_skip("Test does not support a non-default library context");
  2398. if (!TEST_ptr(key = load_example_rsa_key())
  2399. || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
  2400. goto err;
  2401. {
  2402. int padding = RSA_PKCS1_OAEP_PADDING;
  2403. OSSL_PARAM params[4];
  2404. params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
  2405. params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
  2406. OSSL_DIGEST_NAME_SHA2_256, 0);
  2407. params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
  2408. OSSL_DIGEST_NAME_SHA1, 0);
  2409. params[3] = OSSL_PARAM_construct_end();
  2410. if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
  2411. goto err;
  2412. }
  2413. {
  2414. OSSL_PARAM params[3];
  2415. char oaepmd[30] = { '\0' };
  2416. char mgf1md[30] = { '\0' };
  2417. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
  2418. oaepmd, sizeof(oaepmd));
  2419. params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
  2420. mgf1md, sizeof(mgf1md));
  2421. params[2] = OSSL_PARAM_construct_end();
  2422. if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
  2423. goto err;
  2424. if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
  2425. || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
  2426. goto err;
  2427. }
  2428. ret = 1;
  2429. err:
  2430. EVP_PKEY_free(key);
  2431. EVP_PKEY_CTX_free(key_ctx);
  2432. return ret;
  2433. }
  2434. #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  2435. static int test_decrypt_null_chunks(void)
  2436. {
  2437. EVP_CIPHER_CTX* ctx = NULL;
  2438. EVP_CIPHER *cipher = NULL;
  2439. const unsigned char key[32] = {
  2440. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  2441. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  2442. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
  2443. };
  2444. unsigned char iv[12] = {
  2445. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
  2446. };
  2447. unsigned char msg[] = "It was the best of times, it was the worst of times";
  2448. unsigned char ciphertext[80];
  2449. unsigned char plaintext[80];
  2450. /* We initialise tmp to a non zero value on purpose */
  2451. int ctlen, ptlen, tmp = 99;
  2452. int ret = 0;
  2453. const int enc_offset = 10, dec_offset = 20;
  2454. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
  2455. || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  2456. || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
  2457. key, iv))
  2458. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
  2459. enc_offset))
  2460. /* Deliberate add a zero length update */
  2461. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
  2462. 0))
  2463. || !TEST_int_eq(tmp, 0)
  2464. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
  2465. msg + enc_offset,
  2466. sizeof(msg) - enc_offset))
  2467. || !TEST_int_eq(ctlen += tmp, sizeof(msg))
  2468. || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
  2469. || !TEST_int_eq(tmp, 0))
  2470. goto err;
  2471. /* Deliberately initialise tmp to a non zero value */
  2472. tmp = 99;
  2473. if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
  2474. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
  2475. dec_offset))
  2476. /*
  2477. * Deliberately add a zero length update. We also deliberately do
  2478. * this at a different offset than for encryption.
  2479. */
  2480. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
  2481. 0))
  2482. || !TEST_int_eq(tmp, 0)
  2483. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
  2484. ciphertext + dec_offset,
  2485. ctlen - dec_offset))
  2486. || !TEST_int_eq(ptlen += tmp, sizeof(msg))
  2487. || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
  2488. || !TEST_int_eq(tmp, 0)
  2489. || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
  2490. goto err;
  2491. ret = 1;
  2492. err:
  2493. EVP_CIPHER_CTX_free(ctx);
  2494. EVP_CIPHER_free(cipher);
  2495. return ret;
  2496. }
  2497. #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
  2498. #ifndef OPENSSL_NO_DH
  2499. /*
  2500. * Test combinations of private, public, missing and private + public key
  2501. * params to ensure they are all accepted
  2502. */
  2503. static int test_DH_priv_pub(void)
  2504. {
  2505. return test_EVP_PKEY_ffc_priv_pub("DH");
  2506. }
  2507. # ifndef OPENSSL_NO_DEPRECATED_3_0
  2508. static int test_EVP_PKEY_set1_DH(void)
  2509. {
  2510. DH *x942dh = NULL, *noqdh = NULL;
  2511. EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
  2512. int ret = 0;
  2513. BIGNUM *p, *g = NULL;
  2514. BIGNUM *pubkey = NULL;
  2515. unsigned char pub[2048 / 8];
  2516. size_t len = 0;
  2517. if (!TEST_ptr(p = BN_new())
  2518. || !TEST_ptr(g = BN_new())
  2519. || !TEST_ptr(pubkey = BN_new())
  2520. || !TEST_true(BN_set_word(p, 9999))
  2521. || !TEST_true(BN_set_word(g, 2))
  2522. || !TEST_true(BN_set_word(pubkey, 4321))
  2523. || !TEST_ptr(noqdh = DH_new())
  2524. || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
  2525. || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
  2526. || !TEST_ptr(pubkey = BN_new())
  2527. || !TEST_true(BN_set_word(pubkey, 4321)))
  2528. goto err;
  2529. p = g = NULL;
  2530. x942dh = DH_get_2048_256();
  2531. pkey1 = EVP_PKEY_new();
  2532. pkey2 = EVP_PKEY_new();
  2533. if (!TEST_ptr(x942dh)
  2534. || !TEST_ptr(noqdh)
  2535. || !TEST_ptr(pkey1)
  2536. || !TEST_ptr(pkey2)
  2537. || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
  2538. goto err;
  2539. pubkey = NULL;
  2540. if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
  2541. || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
  2542. goto err;
  2543. if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
  2544. &pubkey))
  2545. || !TEST_ptr(pubkey))
  2546. goto err;
  2547. if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
  2548. || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
  2549. goto err;
  2550. if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
  2551. OSSL_PKEY_PARAM_PUB_KEY,
  2552. pub, sizeof(pub), &len))
  2553. || !TEST_size_t_ne(len, 0))
  2554. goto err;
  2555. ret = 1;
  2556. err:
  2557. BN_free(p);
  2558. BN_free(g);
  2559. BN_free(pubkey);
  2560. EVP_PKEY_free(pkey1);
  2561. EVP_PKEY_free(pkey2);
  2562. DH_free(x942dh);
  2563. DH_free(noqdh);
  2564. return ret;
  2565. }
  2566. # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
  2567. #endif /* !OPENSSL_NO_DH */
  2568. /*
  2569. * We test what happens with an empty template. For the sake of this test,
  2570. * the template must be ignored, and we know that's the case for RSA keys
  2571. * (this might arguably be a misfeature, but that's what we currently do,
  2572. * even in provider code, since that's how the legacy RSA implementation
  2573. * does things)
  2574. */
  2575. static int test_keygen_with_empty_template(int n)
  2576. {
  2577. EVP_PKEY_CTX *ctx = NULL;
  2578. EVP_PKEY *pkey = NULL;
  2579. EVP_PKEY *tkey = NULL;
  2580. int ret = 0;
  2581. if (nullprov != NULL)
  2582. return TEST_skip("Test does not support a non-default library context");
  2583. switch (n) {
  2584. case 0:
  2585. /* We do test with no template at all as well */
  2586. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
  2587. goto err;
  2588. break;
  2589. case 1:
  2590. /* Here we create an empty RSA key that serves as our template */
  2591. if (!TEST_ptr(tkey = EVP_PKEY_new())
  2592. || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
  2593. || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
  2594. goto err;
  2595. break;
  2596. }
  2597. if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  2598. || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
  2599. goto err;
  2600. ret = 1;
  2601. err:
  2602. EVP_PKEY_CTX_free(ctx);
  2603. EVP_PKEY_free(pkey);
  2604. EVP_PKEY_free(tkey);
  2605. return ret;
  2606. }
  2607. /*
  2608. * Test that we fail if we attempt to use an algorithm that is not available
  2609. * in the current library context (unless we are using an algorithm that
  2610. * should be made available via legacy codepaths).
  2611. *
  2612. * 0: RSA
  2613. * 1: SM2
  2614. */
  2615. static int test_pkey_ctx_fail_without_provider(int tst)
  2616. {
  2617. OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
  2618. OSSL_PROVIDER *tmpnullprov = NULL;
  2619. EVP_PKEY_CTX *pctx = NULL;
  2620. const char *keytype = NULL;
  2621. int expect_null = 0;
  2622. int ret = 0;
  2623. if (!TEST_ptr(tmpctx))
  2624. goto err;
  2625. tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
  2626. if (!TEST_ptr(tmpnullprov))
  2627. goto err;
  2628. /*
  2629. * We check for certain algos in the null provider.
  2630. * If an algo is expected to have a provider keymgmt, constructing an
  2631. * EVP_PKEY_CTX is expected to fail (return NULL).
  2632. * Otherwise, if it's expected to have legacy support, constructing an
  2633. * EVP_PKEY_CTX is expected to succeed (return non-NULL).
  2634. */
  2635. switch (tst) {
  2636. case 0:
  2637. keytype = "RSA";
  2638. expect_null = 1;
  2639. break;
  2640. case 1:
  2641. keytype = "SM2";
  2642. expect_null = 1;
  2643. #ifdef OPENSSL_NO_EC
  2644. TEST_info("EC disable, skipping SM2 check...");
  2645. goto end;
  2646. #endif
  2647. #ifdef OPENSSL_NO_SM2
  2648. TEST_info("SM2 disable, skipping SM2 check...");
  2649. goto end;
  2650. #endif
  2651. break;
  2652. default:
  2653. TEST_error("No test for case %d", tst);
  2654. goto err;
  2655. }
  2656. pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
  2657. if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
  2658. goto err;
  2659. #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
  2660. end:
  2661. #endif
  2662. ret = 1;
  2663. err:
  2664. EVP_PKEY_CTX_free(pctx);
  2665. OSSL_PROVIDER_unload(tmpnullprov);
  2666. OSSL_LIB_CTX_free(tmpctx);
  2667. return ret;
  2668. }
  2669. static int test_rand_agglomeration(void)
  2670. {
  2671. EVP_RAND *rand;
  2672. EVP_RAND_CTX *ctx;
  2673. OSSL_PARAM params[3], *p = params;
  2674. int res;
  2675. unsigned int step = 7;
  2676. static unsigned char seed[] = "It does not matter how slowly you go "
  2677. "as long as you do not stop.";
  2678. unsigned char out[sizeof(seed)];
  2679. if (!TEST_int_ne(sizeof(seed) % step, 0)
  2680. || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
  2681. return 0;
  2682. ctx = EVP_RAND_CTX_new(rand, NULL);
  2683. EVP_RAND_free(rand);
  2684. if (!TEST_ptr(ctx))
  2685. return 0;
  2686. memset(out, 0, sizeof(out));
  2687. *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  2688. seed, sizeof(seed));
  2689. *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
  2690. *p = OSSL_PARAM_construct_end();
  2691. res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
  2692. && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
  2693. && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
  2694. EVP_RAND_CTX_free(ctx);
  2695. return res;
  2696. }
  2697. /*
  2698. * Test that we correctly return the original or "running" IV after
  2699. * an encryption operation.
  2700. * Run multiple times for some different relevant algorithms/modes.
  2701. */
  2702. static int test_evp_iv_aes(int idx)
  2703. {
  2704. int ret = 0;
  2705. EVP_CIPHER_CTX *ctx = NULL;
  2706. unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
  2707. 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
  2708. unsigned char init_iv[EVP_MAX_IV_LENGTH] =
  2709. {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
  2710. 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
  2711. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
  2712. 9, 10, 11, 12, 13, 14, 15, 16 };
  2713. unsigned char ciphertext[32], oiv[16], iv[16];
  2714. unsigned char *ref_iv;
  2715. unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
  2716. 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
  2717. unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
  2718. 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
  2719. unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
  2720. 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
  2721. unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
  2722. 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
  2723. unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
  2724. #ifndef OPENSSL_NO_OCB
  2725. unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
  2726. 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
  2727. #endif
  2728. int len = sizeof(ciphertext);
  2729. size_t ivlen, ref_len;
  2730. const EVP_CIPHER *type = NULL;
  2731. int iv_reset = 0;
  2732. if (nullprov != NULL && idx < 6)
  2733. return TEST_skip("Test does not support a non-default library context");
  2734. switch (idx) {
  2735. case 0:
  2736. type = EVP_aes_128_cbc();
  2737. /* FALLTHROUGH */
  2738. case 6:
  2739. type = (type != NULL) ? type :
  2740. EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
  2741. ref_iv = cbc_state;
  2742. ref_len = sizeof(cbc_state);
  2743. iv_reset = 1;
  2744. break;
  2745. case 1:
  2746. type = EVP_aes_128_ofb();
  2747. /* FALLTHROUGH */
  2748. case 7:
  2749. type = (type != NULL) ? type :
  2750. EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
  2751. ref_iv = ofb_state;
  2752. ref_len = sizeof(ofb_state);
  2753. iv_reset = 1;
  2754. break;
  2755. case 2:
  2756. type = EVP_aes_128_cfb();
  2757. /* FALLTHROUGH */
  2758. case 8:
  2759. type = (type != NULL) ? type :
  2760. EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
  2761. ref_iv = cfb_state;
  2762. ref_len = sizeof(cfb_state);
  2763. iv_reset = 1;
  2764. break;
  2765. case 3:
  2766. type = EVP_aes_128_gcm();
  2767. /* FALLTHROUGH */
  2768. case 9:
  2769. type = (type != NULL) ? type :
  2770. EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
  2771. ref_iv = gcm_state;
  2772. ref_len = sizeof(gcm_state);
  2773. break;
  2774. case 4:
  2775. type = EVP_aes_128_ccm();
  2776. /* FALLTHROUGH */
  2777. case 10:
  2778. type = (type != NULL) ? type :
  2779. EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
  2780. ref_iv = ccm_state;
  2781. ref_len = sizeof(ccm_state);
  2782. break;
  2783. #ifdef OPENSSL_NO_OCB
  2784. case 5:
  2785. case 11:
  2786. return 1;
  2787. #else
  2788. case 5:
  2789. type = EVP_aes_128_ocb();
  2790. /* FALLTHROUGH */
  2791. case 11:
  2792. type = (type != NULL) ? type :
  2793. EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
  2794. ref_iv = ocb_state;
  2795. ref_len = sizeof(ocb_state);
  2796. break;
  2797. #endif
  2798. default:
  2799. return 0;
  2800. }
  2801. if (!TEST_ptr(type)
  2802. || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
  2803. || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
  2804. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
  2805. (int)sizeof(msg)))
  2806. || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
  2807. || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
  2808. || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
  2809. goto err;
  2810. ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
  2811. if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
  2812. || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
  2813. goto err;
  2814. /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
  2815. if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
  2816. || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
  2817. goto err;
  2818. if (iv_reset) {
  2819. if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
  2820. goto err;
  2821. } else {
  2822. if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
  2823. goto err;
  2824. }
  2825. ret = 1;
  2826. err:
  2827. EVP_CIPHER_CTX_free(ctx);
  2828. if (idx >= 6)
  2829. EVP_CIPHER_free((EVP_CIPHER *)type);
  2830. return ret;
  2831. }
  2832. #ifndef OPENSSL_NO_DES
  2833. static int test_evp_iv_des(int idx)
  2834. {
  2835. int ret = 0;
  2836. EVP_CIPHER_CTX *ctx = NULL;
  2837. static const unsigned char key[24] = {
  2838. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  2839. 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
  2840. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  2841. };
  2842. static const unsigned char init_iv[8] = {
  2843. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  2844. };
  2845. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
  2846. 9, 10, 11, 12, 13, 14, 15, 16 };
  2847. unsigned char ciphertext[32], oiv[8], iv[8];
  2848. unsigned const char *ref_iv;
  2849. static const unsigned char cbc_state_des[8] = {
  2850. 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
  2851. };
  2852. static const unsigned char cbc_state_3des[8] = {
  2853. 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
  2854. };
  2855. static const unsigned char ofb_state_des[8] = {
  2856. 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
  2857. };
  2858. static const unsigned char ofb_state_3des[8] = {
  2859. 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
  2860. };
  2861. static const unsigned char cfb_state_des[8] = {
  2862. 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
  2863. };
  2864. static const unsigned char cfb_state_3des[8] = {
  2865. 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
  2866. };
  2867. int len = sizeof(ciphertext);
  2868. size_t ivlen, ref_len;
  2869. EVP_CIPHER *type = NULL;
  2870. if (lgcyprov == NULL && idx < 3)
  2871. return TEST_skip("Test requires legacy provider to be loaded");
  2872. switch (idx) {
  2873. case 0:
  2874. type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
  2875. ref_iv = cbc_state_des;
  2876. ref_len = sizeof(cbc_state_des);
  2877. break;
  2878. case 1:
  2879. type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
  2880. ref_iv = ofb_state_des;
  2881. ref_len = sizeof(ofb_state_des);
  2882. break;
  2883. case 2:
  2884. type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
  2885. ref_iv = cfb_state_des;
  2886. ref_len = sizeof(cfb_state_des);
  2887. break;
  2888. case 3:
  2889. type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
  2890. ref_iv = cbc_state_3des;
  2891. ref_len = sizeof(cbc_state_3des);
  2892. break;
  2893. case 4:
  2894. type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
  2895. ref_iv = ofb_state_3des;
  2896. ref_len = sizeof(ofb_state_3des);
  2897. break;
  2898. case 5:
  2899. type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
  2900. ref_iv = cfb_state_3des;
  2901. ref_len = sizeof(cfb_state_3des);
  2902. break;
  2903. default:
  2904. return 0;
  2905. }
  2906. if (!TEST_ptr(type)
  2907. || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
  2908. || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
  2909. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
  2910. (int)sizeof(msg)))
  2911. || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
  2912. || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
  2913. || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
  2914. goto err;
  2915. ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
  2916. if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
  2917. || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
  2918. goto err;
  2919. if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
  2920. || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
  2921. goto err;
  2922. if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
  2923. goto err;
  2924. ret = 1;
  2925. err:
  2926. EVP_CIPHER_CTX_free(ctx);
  2927. EVP_CIPHER_free(type);
  2928. return ret;
  2929. }
  2930. #endif
  2931. #ifndef OPENSSL_NO_BF
  2932. static int test_evp_bf_default_keylen(int idx)
  2933. {
  2934. int ret = 0;
  2935. static const char *algos[4] = {
  2936. "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
  2937. };
  2938. int ivlen[4] = { 0, 8, 8, 8 };
  2939. EVP_CIPHER *cipher = NULL;
  2940. if (lgcyprov == NULL)
  2941. return TEST_skip("Test requires legacy provider to be loaded");
  2942. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
  2943. || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
  2944. || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
  2945. goto err;
  2946. ret = 1;
  2947. err:
  2948. EVP_CIPHER_free(cipher);
  2949. return ret;
  2950. }
  2951. #endif
  2952. #ifndef OPENSSL_NO_EC
  2953. static int ecpub_nids[] = {
  2954. NID_brainpoolP256r1, NID_X9_62_prime256v1,
  2955. NID_secp384r1, NID_secp521r1,
  2956. # ifndef OPENSSL_NO_EC2M
  2957. NID_sect233k1, NID_sect233r1, NID_sect283r1,
  2958. NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
  2959. # endif
  2960. NID_brainpoolP384r1, NID_brainpoolP512r1
  2961. };
  2962. static int test_ecpub(int idx)
  2963. {
  2964. int ret = 0, len, savelen;
  2965. int nid;
  2966. unsigned char buf[1024];
  2967. unsigned char *p;
  2968. EVP_PKEY *pkey = NULL;
  2969. EVP_PKEY_CTX *ctx = NULL;
  2970. # ifndef OPENSSL_NO_DEPRECATED_3_0
  2971. const unsigned char *q;
  2972. EVP_PKEY *pkey2 = NULL;
  2973. EC_KEY *ec = NULL;
  2974. # endif
  2975. if (nullprov != NULL)
  2976. return TEST_skip("Test does not support a non-default library context");
  2977. nid = ecpub_nids[idx];
  2978. ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
  2979. if (!TEST_ptr(ctx)
  2980. || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  2981. || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
  2982. || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
  2983. goto done;
  2984. len = i2d_PublicKey(pkey, NULL);
  2985. savelen = len;
  2986. if (!TEST_int_ge(len, 1)
  2987. || !TEST_int_lt(len, 1024))
  2988. goto done;
  2989. p = buf;
  2990. len = i2d_PublicKey(pkey, &p);
  2991. if (!TEST_int_ge(len, 1)
  2992. || !TEST_int_eq(len, savelen))
  2993. goto done;
  2994. # ifndef OPENSSL_NO_DEPRECATED_3_0
  2995. /* Now try to decode the just-created DER. */
  2996. q = buf;
  2997. if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
  2998. || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
  2999. || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
  3000. goto done;
  3001. /* EC_KEY ownership transferred */
  3002. ec = NULL;
  3003. if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
  3004. goto done;
  3005. /* The keys should match. */
  3006. if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
  3007. goto done;
  3008. # endif
  3009. ret = 1;
  3010. done:
  3011. EVP_PKEY_CTX_free(ctx);
  3012. EVP_PKEY_free(pkey);
  3013. # ifndef OPENSSL_NO_DEPRECATED_3_0
  3014. EVP_PKEY_free(pkey2);
  3015. EC_KEY_free(ec);
  3016. # endif
  3017. return ret;
  3018. }
  3019. #endif
  3020. static int test_EVP_rsa_pss_with_keygen_bits(void)
  3021. {
  3022. int ret = 0;
  3023. EVP_PKEY_CTX *ctx = NULL;
  3024. EVP_PKEY *pkey = NULL;
  3025. EVP_MD *md;
  3026. md = EVP_MD_fetch(testctx, "sha256", testpropq);
  3027. ret = TEST_ptr(md)
  3028. && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
  3029. && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  3030. && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
  3031. && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
  3032. && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
  3033. EVP_MD_free(md);
  3034. EVP_PKEY_free(pkey);
  3035. EVP_PKEY_CTX_free(ctx);
  3036. return ret;
  3037. }
  3038. static int test_EVP_rsa_pss_set_saltlen(void)
  3039. {
  3040. int ret = 0;
  3041. EVP_PKEY *pkey = NULL;
  3042. EVP_PKEY_CTX *pkey_ctx = NULL;
  3043. EVP_MD *sha256 = NULL;
  3044. EVP_MD_CTX *sha256_ctx = NULL;
  3045. int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
  3046. const int test_value = 32;
  3047. ret = TEST_ptr(pkey = load_example_rsa_key())
  3048. && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
  3049. && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
  3050. && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
  3051. && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
  3052. && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
  3053. && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
  3054. && TEST_int_eq(saltlen, test_value);
  3055. EVP_MD_CTX_free(sha256_ctx);
  3056. EVP_PKEY_free(pkey);
  3057. EVP_MD_free(sha256);
  3058. return ret;
  3059. }
  3060. static int success = 1;
  3061. static void md_names(const char *name, void *vctx)
  3062. {
  3063. OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
  3064. /* Force a namemap update */
  3065. EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
  3066. if (!TEST_ptr(aes128))
  3067. success = 0;
  3068. EVP_CIPHER_free(aes128);
  3069. }
  3070. /*
  3071. * Test that changing the namemap in a user callback works in a names_do_all
  3072. * function.
  3073. */
  3074. static int test_names_do_all(void)
  3075. {
  3076. /* We use a custom libctx so that we know the state of the namemap */
  3077. OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
  3078. EVP_MD *sha256 = NULL;
  3079. int testresult = 0;
  3080. if (!TEST_ptr(ctx))
  3081. goto err;
  3082. sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
  3083. if (!TEST_ptr(sha256))
  3084. goto err;
  3085. /*
  3086. * We loop through all the names for a given digest. This should still work
  3087. * even if the namemap changes part way through.
  3088. */
  3089. if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
  3090. goto err;
  3091. if (!TEST_true(success))
  3092. goto err;
  3093. testresult = 1;
  3094. err:
  3095. EVP_MD_free(sha256);
  3096. OSSL_LIB_CTX_free(ctx);
  3097. return testresult;
  3098. }
  3099. typedef struct {
  3100. const char *cipher;
  3101. const unsigned char *key;
  3102. const unsigned char *iv;
  3103. const unsigned char *input;
  3104. const unsigned char *expected;
  3105. const unsigned char *tag;
  3106. size_t ivlen; /* 0 if we do not need to set a specific IV len */
  3107. size_t inlen;
  3108. size_t expectedlen;
  3109. size_t taglen;
  3110. int keyfirst;
  3111. int initenc;
  3112. int finalenc;
  3113. } EVP_INIT_TEST_st;
  3114. static const EVP_INIT_TEST_st evp_init_tests[] = {
  3115. {
  3116. "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
  3117. cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
  3118. 0, 1, 0, 1
  3119. },
  3120. {
  3121. "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
  3122. gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
  3123. sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
  3124. sizeof(gcmDefaultTag), 1, 0, 1
  3125. },
  3126. {
  3127. "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
  3128. cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
  3129. 0, 0, 0, 1
  3130. },
  3131. {
  3132. "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
  3133. gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
  3134. sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
  3135. sizeof(gcmDefaultTag), 0, 0, 1
  3136. },
  3137. {
  3138. "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
  3139. cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
  3140. 0, 1, 1, 0
  3141. },
  3142. {
  3143. "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
  3144. gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
  3145. sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
  3146. sizeof(gcmDefaultTag), 1, 1, 0
  3147. },
  3148. {
  3149. "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
  3150. cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
  3151. 0, 0, 1, 0
  3152. },
  3153. {
  3154. "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
  3155. gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
  3156. sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
  3157. sizeof(gcmDefaultTag), 0, 1, 0
  3158. }
  3159. };
  3160. static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
  3161. {
  3162. int res = 0;
  3163. if (t->ivlen != 0) {
  3164. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
  3165. goto err;
  3166. }
  3167. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
  3168. goto err;
  3169. res = 1;
  3170. err:
  3171. return res;
  3172. }
  3173. /*
  3174. * Test step-wise cipher initialization via EVP_CipherInit_ex where the
  3175. * arguments are given one at a time and a final adjustment to the enc
  3176. * parameter sets the correct operation.
  3177. */
  3178. static int test_evp_init_seq(int idx)
  3179. {
  3180. int outlen1, outlen2;
  3181. int testresult = 0;
  3182. unsigned char outbuf[1024];
  3183. unsigned char tag[16];
  3184. const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
  3185. EVP_CIPHER_CTX *ctx = NULL;
  3186. EVP_CIPHER *type = NULL;
  3187. size_t taglen = sizeof(tag);
  3188. char *errmsg = NULL;
  3189. ctx = EVP_CIPHER_CTX_new();
  3190. if (ctx == NULL) {
  3191. errmsg = "CTX_ALLOC";
  3192. goto err;
  3193. }
  3194. if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
  3195. errmsg = "CIPHER_FETCH";
  3196. goto err;
  3197. }
  3198. if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
  3199. errmsg = "EMPTY_ENC_INIT";
  3200. goto err;
  3201. }
  3202. if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
  3203. errmsg = "PADDING";
  3204. goto err;
  3205. }
  3206. if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
  3207. errmsg = "KEY_INIT (before iv)";
  3208. goto err;
  3209. }
  3210. if (!evp_init_seq_set_iv(ctx, t)) {
  3211. errmsg = "IV_INIT";
  3212. goto err;
  3213. }
  3214. if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
  3215. errmsg = "KEY_INIT (after iv)";
  3216. goto err;
  3217. }
  3218. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
  3219. errmsg = "FINAL_ENC_INIT";
  3220. goto err;
  3221. }
  3222. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
  3223. errmsg = "CIPHER_UPDATE";
  3224. goto err;
  3225. }
  3226. if (t->finalenc == 0 && t->tag != NULL) {
  3227. /* Set expected tag */
  3228. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  3229. t->taglen, (void *)t->tag), 0)) {
  3230. errmsg = "SET_TAG";
  3231. goto err;
  3232. }
  3233. }
  3234. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3235. errmsg = "CIPHER_FINAL";
  3236. goto err;
  3237. }
  3238. if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
  3239. errmsg = "WRONG_RESULT";
  3240. goto err;
  3241. }
  3242. if (t->finalenc != 0 && t->tag != NULL) {
  3243. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
  3244. errmsg = "GET_TAG";
  3245. goto err;
  3246. }
  3247. if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
  3248. errmsg = "TAG_ERROR";
  3249. goto err;
  3250. }
  3251. }
  3252. testresult = 1;
  3253. err:
  3254. if (errmsg != NULL)
  3255. TEST_info("evp_init_test %d: %s", idx, errmsg);
  3256. EVP_CIPHER_CTX_free(ctx);
  3257. EVP_CIPHER_free(type);
  3258. return testresult;
  3259. }
  3260. typedef struct {
  3261. const unsigned char *input;
  3262. const unsigned char *expected;
  3263. size_t inlen;
  3264. size_t expectedlen;
  3265. int enc;
  3266. } EVP_RESET_TEST_st;
  3267. static const EVP_RESET_TEST_st evp_reset_tests[] = {
  3268. {
  3269. cfbPlaintext, cfbCiphertext,
  3270. sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
  3271. },
  3272. {
  3273. cfbCiphertext, cfbPlaintext,
  3274. sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
  3275. }
  3276. };
  3277. /*
  3278. * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
  3279. * been used.
  3280. */
  3281. static int test_evp_reset(int idx)
  3282. {
  3283. const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
  3284. int outlen1, outlen2;
  3285. int testresult = 0;
  3286. unsigned char outbuf[1024];
  3287. EVP_CIPHER_CTX *ctx = NULL;
  3288. EVP_CIPHER *type = NULL;
  3289. char *errmsg = NULL;
  3290. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
  3291. errmsg = "CTX_ALLOC";
  3292. goto err;
  3293. }
  3294. if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
  3295. errmsg = "CIPHER_FETCH";
  3296. goto err;
  3297. }
  3298. if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
  3299. errmsg = "CIPHER_INIT";
  3300. goto err;
  3301. }
  3302. if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
  3303. errmsg = "PADDING";
  3304. goto err;
  3305. }
  3306. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
  3307. errmsg = "CIPHER_UPDATE";
  3308. goto err;
  3309. }
  3310. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3311. errmsg = "CIPHER_FINAL";
  3312. goto err;
  3313. }
  3314. if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
  3315. errmsg = "WRONG_RESULT";
  3316. goto err;
  3317. }
  3318. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
  3319. errmsg = "CIPHER_REINIT";
  3320. goto err;
  3321. }
  3322. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
  3323. errmsg = "CIPHER_UPDATE (reinit)";
  3324. goto err;
  3325. }
  3326. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3327. errmsg = "CIPHER_FINAL (reinit)";
  3328. goto err;
  3329. }
  3330. if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
  3331. errmsg = "WRONG_RESULT (reinit)";
  3332. goto err;
  3333. }
  3334. testresult = 1;
  3335. err:
  3336. if (errmsg != NULL)
  3337. TEST_info("test_evp_reset %d: %s", idx, errmsg);
  3338. EVP_CIPHER_CTX_free(ctx);
  3339. EVP_CIPHER_free(type);
  3340. return testresult;
  3341. }
  3342. typedef struct {
  3343. const char *cipher;
  3344. int enc;
  3345. } EVP_UPDATED_IV_TEST_st;
  3346. static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
  3347. {
  3348. "aes-128-cfb", 1
  3349. },
  3350. {
  3351. "aes-128-cfb", 0
  3352. },
  3353. {
  3354. "aes-128-cfb1", 1
  3355. },
  3356. {
  3357. "aes-128-cfb1", 0
  3358. },
  3359. {
  3360. "aes-128-cfb8", 1
  3361. },
  3362. {
  3363. "aes-128-cfb8", 0
  3364. },
  3365. {
  3366. "aes-128-ofb", 1
  3367. },
  3368. {
  3369. "aes-128-ofb", 0
  3370. },
  3371. {
  3372. "aes-128-ctr", 1
  3373. },
  3374. {
  3375. "aes-128-ctr", 0
  3376. },
  3377. {
  3378. "aes-128-cbc", 1
  3379. },
  3380. {
  3381. "aes-128-cbc", 0
  3382. }
  3383. };
  3384. /*
  3385. * Test that the IV in the context is updated during a crypto operation for CFB
  3386. * and OFB.
  3387. */
  3388. static int test_evp_updated_iv(int idx)
  3389. {
  3390. const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
  3391. int outlen1, outlen2;
  3392. int testresult = 0;
  3393. unsigned char outbuf[1024];
  3394. EVP_CIPHER_CTX *ctx = NULL;
  3395. EVP_CIPHER *type = NULL;
  3396. unsigned char updated_iv[EVP_MAX_IV_LENGTH];
  3397. int iv_len;
  3398. char *errmsg = NULL;
  3399. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
  3400. errmsg = "CTX_ALLOC";
  3401. goto err;
  3402. }
  3403. if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
  3404. TEST_info("cipher %s not supported, skipping", t->cipher);
  3405. goto ok;
  3406. }
  3407. if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
  3408. errmsg = "CIPHER_INIT";
  3409. goto err;
  3410. }
  3411. if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
  3412. errmsg = "PADDING";
  3413. goto err;
  3414. }
  3415. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
  3416. errmsg = "CIPHER_UPDATE";
  3417. goto err;
  3418. }
  3419. if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
  3420. errmsg = "CIPHER_CTX_GET_UPDATED_IV";
  3421. goto err;
  3422. }
  3423. if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
  3424. errmsg = "CIPHER_CTX_GET_IV_LEN";
  3425. goto err;
  3426. }
  3427. if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
  3428. errmsg = "IV_NOT_UPDATED";
  3429. goto err;
  3430. }
  3431. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3432. errmsg = "CIPHER_FINAL";
  3433. goto err;
  3434. }
  3435. ok:
  3436. testresult = 1;
  3437. err:
  3438. if (errmsg != NULL)
  3439. TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
  3440. EVP_CIPHER_CTX_free(ctx);
  3441. EVP_CIPHER_free(type);
  3442. return testresult;
  3443. }
  3444. typedef struct {
  3445. const unsigned char *iv1;
  3446. const unsigned char *iv2;
  3447. const unsigned char *expected1;
  3448. const unsigned char *expected2;
  3449. const unsigned char *tag1;
  3450. const unsigned char *tag2;
  3451. size_t ivlen1;
  3452. size_t ivlen2;
  3453. size_t expectedlen1;
  3454. size_t expectedlen2;
  3455. } TEST_GCM_IV_REINIT_st;
  3456. static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
  3457. {
  3458. iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
  3459. gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
  3460. sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
  3461. },
  3462. {
  3463. iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
  3464. gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
  3465. sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
  3466. }
  3467. };
  3468. static int test_gcm_reinit(int idx)
  3469. {
  3470. int outlen1, outlen2, outlen3;
  3471. int testresult = 0;
  3472. unsigned char outbuf[1024];
  3473. unsigned char tag[16];
  3474. const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
  3475. EVP_CIPHER_CTX *ctx = NULL;
  3476. EVP_CIPHER *type = NULL;
  3477. size_t taglen = sizeof(tag);
  3478. char *errmsg = NULL;
  3479. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
  3480. errmsg = "CTX_ALLOC";
  3481. goto err;
  3482. }
  3483. if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
  3484. errmsg = "CIPHER_FETCH";
  3485. goto err;
  3486. }
  3487. if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
  3488. errmsg = "ENC_INIT";
  3489. goto err;
  3490. }
  3491. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
  3492. errmsg = "SET_IVLEN1";
  3493. goto err;
  3494. }
  3495. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
  3496. errmsg = "SET_IV1";
  3497. goto err;
  3498. }
  3499. if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
  3500. errmsg = "AAD1";
  3501. goto err;
  3502. }
  3503. EVP_CIPHER_CTX_set_padding(ctx, 0);
  3504. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
  3505. sizeof(gcmResetPlaintext)))) {
  3506. errmsg = "CIPHER_UPDATE1";
  3507. goto err;
  3508. }
  3509. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3510. errmsg = "CIPHER_FINAL1";
  3511. goto err;
  3512. }
  3513. if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
  3514. errmsg = "WRONG_RESULT1";
  3515. goto err;
  3516. }
  3517. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
  3518. errmsg = "GET_TAG1";
  3519. goto err;
  3520. }
  3521. if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
  3522. errmsg = "TAG_ERROR1";
  3523. goto err;
  3524. }
  3525. /* Now reinit */
  3526. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
  3527. errmsg = "SET_IVLEN2";
  3528. goto err;
  3529. }
  3530. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
  3531. errmsg = "SET_IV2";
  3532. goto err;
  3533. }
  3534. if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
  3535. errmsg = "AAD2";
  3536. goto err;
  3537. }
  3538. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
  3539. sizeof(gcmResetPlaintext)))) {
  3540. errmsg = "CIPHER_UPDATE2";
  3541. goto err;
  3542. }
  3543. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3544. errmsg = "CIPHER_FINAL2";
  3545. goto err;
  3546. }
  3547. if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
  3548. errmsg = "WRONG_RESULT2";
  3549. goto err;
  3550. }
  3551. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
  3552. errmsg = "GET_TAG2";
  3553. goto err;
  3554. }
  3555. if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
  3556. errmsg = "TAG_ERROR2";
  3557. goto err;
  3558. }
  3559. testresult = 1;
  3560. err:
  3561. if (errmsg != NULL)
  3562. TEST_info("evp_init_test %d: %s", idx, errmsg);
  3563. EVP_CIPHER_CTX_free(ctx);
  3564. EVP_CIPHER_free(type);
  3565. return testresult;
  3566. }
  3567. #ifndef OPENSSL_NO_DEPRECATED_3_0
  3568. static EVP_PKEY_METHOD *custom_pmeth = NULL;
  3569. static const EVP_PKEY_METHOD *orig_pmeth = NULL;
  3570. # define EVP_PKEY_CTRL_MY_COMMAND 9999
  3571. static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
  3572. {
  3573. int (*pinit)(EVP_PKEY_CTX *ctx);
  3574. EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
  3575. return pinit(ctx);
  3576. }
  3577. static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
  3578. {
  3579. void (*pcleanup)(EVP_PKEY_CTX *ctx);
  3580. EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
  3581. pcleanup(ctx);
  3582. }
  3583. static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
  3584. size_t *outlen, const unsigned char *in,
  3585. size_t inlen)
  3586. {
  3587. int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
  3588. const unsigned char *tbs, size_t tbslen);
  3589. EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
  3590. return psign(ctx, out, outlen, in, inlen);
  3591. }
  3592. static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
  3593. size_t *siglen, const unsigned char *tbs,
  3594. size_t tbslen)
  3595. {
  3596. int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
  3597. const unsigned char *tbs, size_t tbslen);
  3598. EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
  3599. return pdigestsign(ctx, sig, siglen, tbs, tbslen);
  3600. }
  3601. static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
  3602. size_t *keylen)
  3603. {
  3604. int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
  3605. EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
  3606. return pderive(ctx, key, keylen);
  3607. }
  3608. static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
  3609. {
  3610. int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
  3611. EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
  3612. return pcopy(dst, src);
  3613. }
  3614. static int ctrl_called;
  3615. static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
  3616. {
  3617. int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
  3618. EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
  3619. if (type == EVP_PKEY_CTRL_MY_COMMAND) {
  3620. ctrl_called = 1;
  3621. return 1;
  3622. }
  3623. return pctrl(ctx, type, p1, p2);
  3624. }
  3625. static int test_custom_pmeth(int idx)
  3626. {
  3627. EVP_PKEY_CTX *pctx = NULL;
  3628. EVP_MD_CTX *ctx = NULL;
  3629. EVP_PKEY *pkey = NULL;
  3630. int id, orig_id, orig_flags;
  3631. int testresult = 0;
  3632. size_t reslen;
  3633. unsigned char *res = NULL;
  3634. unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
  3635. const EVP_MD *md = EVP_sha256();
  3636. int doderive = 0;
  3637. ctrl_called = 0;
  3638. /* We call deprecated APIs so this test doesn't support a custom libctx */
  3639. if (testctx != NULL)
  3640. return 1;
  3641. switch (idx) {
  3642. case 0:
  3643. case 6:
  3644. id = EVP_PKEY_RSA;
  3645. pkey = load_example_rsa_key();
  3646. break;
  3647. case 1:
  3648. case 7:
  3649. # ifndef OPENSSL_NO_DSA
  3650. id = EVP_PKEY_DSA;
  3651. pkey = load_example_dsa_key();
  3652. break;
  3653. # else
  3654. return 1;
  3655. # endif
  3656. case 2:
  3657. case 8:
  3658. # ifndef OPENSSL_NO_EC
  3659. id = EVP_PKEY_EC;
  3660. pkey = load_example_ec_key();
  3661. break;
  3662. # else
  3663. return 1;
  3664. # endif
  3665. case 3:
  3666. case 9:
  3667. # ifndef OPENSSL_NO_EC
  3668. id = EVP_PKEY_ED25519;
  3669. md = NULL;
  3670. pkey = load_example_ed25519_key();
  3671. break;
  3672. # else
  3673. return 1;
  3674. # endif
  3675. case 4:
  3676. case 10:
  3677. # ifndef OPENSSL_NO_DH
  3678. id = EVP_PKEY_DH;
  3679. doderive = 1;
  3680. pkey = load_example_dh_key();
  3681. break;
  3682. # else
  3683. return 1;
  3684. # endif
  3685. case 5:
  3686. case 11:
  3687. # ifndef OPENSSL_NO_EC
  3688. id = EVP_PKEY_X25519;
  3689. doderive = 1;
  3690. pkey = load_example_x25519_key();
  3691. break;
  3692. # else
  3693. return 1;
  3694. # endif
  3695. default:
  3696. TEST_error("Should not happen");
  3697. goto err;
  3698. }
  3699. if (!TEST_ptr(pkey))
  3700. goto err;
  3701. if (idx < 6) {
  3702. if (!TEST_true(evp_pkey_is_provided(pkey)))
  3703. goto err;
  3704. } else {
  3705. EVP_PKEY *tmp = pkey;
  3706. /* Convert to a legacy key */
  3707. pkey = EVP_PKEY_new();
  3708. if (!TEST_ptr(pkey)) {
  3709. pkey = tmp;
  3710. goto err;
  3711. }
  3712. if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
  3713. EVP_PKEY_free(tmp);
  3714. goto err;
  3715. }
  3716. EVP_PKEY_free(tmp);
  3717. if (!TEST_true(evp_pkey_is_legacy(pkey)))
  3718. goto err;
  3719. }
  3720. if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
  3721. || !TEST_ptr(pkey))
  3722. goto err;
  3723. EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
  3724. if (!TEST_int_eq(orig_id, id)
  3725. || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
  3726. goto err;
  3727. if (id == EVP_PKEY_ED25519) {
  3728. EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
  3729. } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
  3730. EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
  3731. } else {
  3732. EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
  3733. }
  3734. if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
  3735. EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
  3736. EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
  3737. EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
  3738. }
  3739. EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
  3740. if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
  3741. goto err;
  3742. if (doderive) {
  3743. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  3744. if (!TEST_ptr(pctx)
  3745. || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
  3746. || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
  3747. EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
  3748. 1)
  3749. || !TEST_int_eq(ctrl_called, 1)
  3750. || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
  3751. || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
  3752. || !TEST_ptr(res = OPENSSL_malloc(reslen))
  3753. || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
  3754. goto err;
  3755. } else {
  3756. ctx = EVP_MD_CTX_new();
  3757. reslen = EVP_PKEY_size(pkey);
  3758. res = OPENSSL_malloc(reslen);
  3759. if (!TEST_ptr(ctx)
  3760. || !TEST_ptr(res)
  3761. || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
  3762. || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
  3763. EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
  3764. 1)
  3765. || !TEST_int_eq(ctrl_called, 1))
  3766. goto err;
  3767. if (id == EVP_PKEY_ED25519) {
  3768. if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
  3769. goto err;
  3770. } else {
  3771. if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
  3772. || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
  3773. goto err;
  3774. }
  3775. }
  3776. testresult = 1;
  3777. err:
  3778. OPENSSL_free(res);
  3779. EVP_MD_CTX_free(ctx);
  3780. if (doderive)
  3781. EVP_PKEY_CTX_free(pctx);
  3782. EVP_PKEY_free(pkey);
  3783. EVP_PKEY_meth_remove(custom_pmeth);
  3784. EVP_PKEY_meth_free(custom_pmeth);
  3785. custom_pmeth = NULL;
  3786. return testresult;
  3787. }
  3788. static int test_evp_md_cipher_meth(void)
  3789. {
  3790. EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
  3791. EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
  3792. int testresult = 0;
  3793. if (!TEST_ptr(md) || !TEST_ptr(ciph))
  3794. goto err;
  3795. testresult = 1;
  3796. err:
  3797. EVP_MD_meth_free(md);
  3798. EVP_CIPHER_meth_free(ciph);
  3799. return testresult;
  3800. }
  3801. typedef struct {
  3802. int data;
  3803. } custom_dgst_ctx;
  3804. static int custom_md_init_called = 0;
  3805. static int custom_md_cleanup_called = 0;
  3806. static int custom_md_init(EVP_MD_CTX *ctx)
  3807. {
  3808. custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
  3809. if (p == NULL)
  3810. return 0;
  3811. custom_md_init_called++;
  3812. return 1;
  3813. }
  3814. static int custom_md_cleanup(EVP_MD_CTX *ctx)
  3815. {
  3816. custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
  3817. if (p == NULL)
  3818. /* Nothing to do */
  3819. return 1;
  3820. custom_md_cleanup_called++;
  3821. return 1;
  3822. }
  3823. static int test_custom_md_meth(void)
  3824. {
  3825. EVP_MD_CTX *mdctx = NULL;
  3826. EVP_MD *tmp = NULL;
  3827. char mess[] = "Test Message\n";
  3828. unsigned char md_value[EVP_MAX_MD_SIZE];
  3829. unsigned int md_len;
  3830. int testresult = 0;
  3831. int nid;
  3832. /*
  3833. * We are testing deprecated functions. We don't support a non-default
  3834. * library context in this test.
  3835. */
  3836. if (testctx != NULL)
  3837. return TEST_skip("Non-default libctx");
  3838. custom_md_init_called = custom_md_cleanup_called = 0;
  3839. nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
  3840. if (!TEST_int_ne(nid, NID_undef))
  3841. goto err;
  3842. tmp = EVP_MD_meth_new(nid, NID_undef);
  3843. if (!TEST_ptr(tmp))
  3844. goto err;
  3845. if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
  3846. || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
  3847. || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
  3848. sizeof(custom_dgst_ctx))))
  3849. goto err;
  3850. mdctx = EVP_MD_CTX_new();
  3851. if (!TEST_ptr(mdctx)
  3852. /*
  3853. * Initing our custom md and then initing another md should
  3854. * result in the init and cleanup functions of the custom md
  3855. * being called.
  3856. */
  3857. || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
  3858. || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
  3859. || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
  3860. || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
  3861. || !TEST_int_eq(custom_md_init_called, 1)
  3862. || !TEST_int_eq(custom_md_cleanup_called, 1))
  3863. goto err;
  3864. testresult = 1;
  3865. err:
  3866. EVP_MD_CTX_free(mdctx);
  3867. EVP_MD_meth_free(tmp);
  3868. return testresult;
  3869. }
  3870. typedef struct {
  3871. int data;
  3872. } custom_ciph_ctx;
  3873. static int custom_ciph_init_called = 0;
  3874. static int custom_ciph_cleanup_called = 0;
  3875. static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  3876. const unsigned char *iv, int enc)
  3877. {
  3878. custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
  3879. if (p == NULL)
  3880. return 0;
  3881. custom_ciph_init_called++;
  3882. return 1;
  3883. }
  3884. static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
  3885. {
  3886. custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
  3887. if (p == NULL)
  3888. /* Nothing to do */
  3889. return 1;
  3890. custom_ciph_cleanup_called++;
  3891. return 1;
  3892. }
  3893. static int test_custom_ciph_meth(void)
  3894. {
  3895. EVP_CIPHER_CTX *ciphctx = NULL;
  3896. EVP_CIPHER *tmp = NULL;
  3897. int testresult = 0;
  3898. int nid;
  3899. /*
  3900. * We are testing deprecated functions. We don't support a non-default
  3901. * library context in this test.
  3902. */
  3903. if (testctx != NULL)
  3904. return TEST_skip("Non-default libctx");
  3905. custom_ciph_init_called = custom_ciph_cleanup_called = 0;
  3906. nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
  3907. if (!TEST_int_ne(nid, NID_undef))
  3908. goto err;
  3909. tmp = EVP_CIPHER_meth_new(nid, 16, 16);
  3910. if (!TEST_ptr(tmp))
  3911. goto err;
  3912. if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
  3913. || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
  3914. || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
  3915. || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
  3916. sizeof(custom_ciph_ctx))))
  3917. goto err;
  3918. ciphctx = EVP_CIPHER_CTX_new();
  3919. if (!TEST_ptr(ciphctx)
  3920. /*
  3921. * Initing our custom cipher and then initing another cipher
  3922. * should result in the init and cleanup functions of the custom
  3923. * cipher being called.
  3924. */
  3925. || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
  3926. || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
  3927. NULL, NULL, 1))
  3928. || !TEST_int_eq(custom_ciph_init_called, 1)
  3929. || !TEST_int_eq(custom_ciph_cleanup_called, 1))
  3930. goto err;
  3931. testresult = 1;
  3932. err:
  3933. EVP_CIPHER_CTX_free(ciphctx);
  3934. EVP_CIPHER_meth_free(tmp);
  3935. return testresult;
  3936. }
  3937. # ifndef OPENSSL_NO_DYNAMIC_ENGINE
  3938. /* Test we can create a signature keys with an associated ENGINE */
  3939. static int test_signatures_with_engine(int tst)
  3940. {
  3941. ENGINE *e;
  3942. const char *engine_id = "dasync";
  3943. EVP_PKEY *pkey = NULL;
  3944. const unsigned char badcmackey[] = { 0x00, 0x01 };
  3945. const unsigned char cmackey[] = {
  3946. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  3947. 0x0c, 0x0d, 0x0e, 0x0f
  3948. };
  3949. const unsigned char ed25519key[] = {
  3950. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  3951. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  3952. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  3953. };
  3954. const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
  3955. int testresult = 0;
  3956. EVP_MD_CTX *ctx = NULL;
  3957. unsigned char *mac = NULL;
  3958. size_t maclen = 0;
  3959. int ret;
  3960. # ifdef OPENSSL_NO_CMAC
  3961. /* Skip CMAC tests in a no-cmac build */
  3962. if (tst <= 1)
  3963. return 1;
  3964. # endif
  3965. if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
  3966. return 0;
  3967. if (!TEST_true(ENGINE_init(e))) {
  3968. ENGINE_free(e);
  3969. return 0;
  3970. }
  3971. switch (tst) {
  3972. case 0:
  3973. pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
  3974. EVP_aes_128_cbc());
  3975. break;
  3976. case 1:
  3977. pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
  3978. EVP_aes_128_cbc());
  3979. break;
  3980. case 2:
  3981. pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
  3982. sizeof(ed25519key));
  3983. break;
  3984. default:
  3985. TEST_error("Invalid test case");
  3986. goto err;
  3987. }
  3988. if (!TEST_ptr(pkey))
  3989. goto err;
  3990. if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
  3991. goto err;
  3992. ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
  3993. pkey);
  3994. if (tst == 0) {
  3995. if (!TEST_true(ret))
  3996. goto err;
  3997. if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
  3998. || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
  3999. goto err;
  4000. if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
  4001. goto err;
  4002. if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
  4003. goto err;
  4004. } else {
  4005. /* We used a bad key. We expect a failure here */
  4006. if (!TEST_false(ret))
  4007. goto err;
  4008. }
  4009. testresult = 1;
  4010. err:
  4011. EVP_MD_CTX_free(ctx);
  4012. OPENSSL_free(mac);
  4013. EVP_PKEY_free(pkey);
  4014. ENGINE_finish(e);
  4015. ENGINE_free(e);
  4016. return testresult;
  4017. }
  4018. static int test_cipher_with_engine(void)
  4019. {
  4020. ENGINE *e;
  4021. const char *engine_id = "dasync";
  4022. const unsigned char keyiv[] = {
  4023. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  4024. 0x0c, 0x0d, 0x0e, 0x0f
  4025. };
  4026. const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
  4027. int testresult = 0;
  4028. EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
  4029. unsigned char buf[AES_BLOCK_SIZE];
  4030. int len = 0;
  4031. if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
  4032. return 0;
  4033. if (!TEST_true(ENGINE_init(e))) {
  4034. ENGINE_free(e);
  4035. return 0;
  4036. }
  4037. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  4038. || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
  4039. goto err;
  4040. if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
  4041. goto err;
  4042. /* Copy the ctx, and complete the operation with the new ctx */
  4043. if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
  4044. goto err;
  4045. if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
  4046. || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
  4047. goto err;
  4048. testresult = 1;
  4049. err:
  4050. EVP_CIPHER_CTX_free(ctx);
  4051. EVP_CIPHER_CTX_free(ctx2);
  4052. ENGINE_finish(e);
  4053. ENGINE_free(e);
  4054. return testresult;
  4055. }
  4056. # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
  4057. #endif /* OPENSSL_NO_DEPRECATED_3_0 */
  4058. static int ecxnids[] = {
  4059. NID_X25519,
  4060. NID_X448,
  4061. NID_ED25519,
  4062. NID_ED448
  4063. };
  4064. /* Test that creating ECX keys with a short private key fails as expected */
  4065. static int test_ecx_short_keys(int tst)
  4066. {
  4067. unsigned char ecxkeydata = 1;
  4068. EVP_PKEY *pkey;
  4069. pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
  4070. NULL, &ecxkeydata, 1);
  4071. if (!TEST_ptr_null(pkey)) {
  4072. EVP_PKEY_free(pkey);
  4073. return 0;
  4074. }
  4075. return 1;
  4076. }
  4077. typedef enum OPTION_choice {
  4078. OPT_ERR = -1,
  4079. OPT_EOF = 0,
  4080. OPT_CONTEXT,
  4081. OPT_TEST_ENUM
  4082. } OPTION_CHOICE;
  4083. const OPTIONS *test_get_options(void)
  4084. {
  4085. static const OPTIONS options[] = {
  4086. OPT_TEST_OPTIONS_DEFAULT_USAGE,
  4087. { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
  4088. { NULL }
  4089. };
  4090. return options;
  4091. }
  4092. #ifndef OPENSSL_NO_EC
  4093. /* Test that trying to sign with a public key errors out gracefully */
  4094. static int test_ecx_not_private_key(int tst)
  4095. {
  4096. EVP_PKEY *pkey = NULL;
  4097. const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
  4098. int testresult = 0;
  4099. EVP_MD_CTX *ctx = NULL;
  4100. unsigned char *mac = NULL;
  4101. size_t maclen = 0;
  4102. unsigned char *pubkey;
  4103. size_t pubkeylen;
  4104. switch (keys[tst].type) {
  4105. case NID_X25519:
  4106. case NID_X448:
  4107. return TEST_skip("signing not supported for X25519/X448");
  4108. }
  4109. /* Check if this algorithm supports public keys */
  4110. if (keys[tst].pub == NULL)
  4111. return TEST_skip("no public key present");
  4112. pubkey = (unsigned char *)keys[tst].pub;
  4113. pubkeylen = strlen(keys[tst].pub);
  4114. pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
  4115. NULL, pubkey, pubkeylen);
  4116. if (!TEST_ptr(pkey))
  4117. goto err;
  4118. if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
  4119. goto err;
  4120. if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
  4121. goto check_err;
  4122. if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
  4123. goto check_err;
  4124. if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
  4125. goto err;
  4126. if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
  4127. goto err;
  4128. check_err:
  4129. /*
  4130. * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
  4131. * but we relax the check to allow error also thrown by
  4132. * EVP_DigestSignInit and EVP_DigestSign.
  4133. */
  4134. if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
  4135. testresult = 1;
  4136. ERR_clear_error();
  4137. }
  4138. err:
  4139. EVP_MD_CTX_free(ctx);
  4140. OPENSSL_free(mac);
  4141. EVP_PKEY_free(pkey);
  4142. return testresult;
  4143. }
  4144. #endif /* OPENSSL_NO_EC */
  4145. int setup_tests(void)
  4146. {
  4147. OPTION_CHOICE o;
  4148. while ((o = opt_next()) != OPT_EOF) {
  4149. switch (o) {
  4150. case OPT_CONTEXT:
  4151. /* Set up an alternate library context */
  4152. testctx = OSSL_LIB_CTX_new();
  4153. if (!TEST_ptr(testctx))
  4154. return 0;
  4155. /* Swap the libctx to test non-default context only */
  4156. nullprov = OSSL_PROVIDER_load(NULL, "null");
  4157. deflprov = OSSL_PROVIDER_load(testctx, "default");
  4158. lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
  4159. break;
  4160. case OPT_TEST_CASES:
  4161. break;
  4162. default:
  4163. return 0;
  4164. }
  4165. }
  4166. ADD_TEST(test_EVP_set_default_properties);
  4167. ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
  4168. ADD_TEST(test_EVP_DigestVerifyInit);
  4169. #ifndef OPENSSL_NO_SIPHASH
  4170. ADD_TEST(test_siphash_digestsign);
  4171. #endif
  4172. ADD_TEST(test_EVP_Digest);
  4173. ADD_TEST(test_EVP_md_null);
  4174. ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
  4175. ADD_ALL_TESTS(test_EVP_Enveloped, 2);
  4176. ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
  4177. ADD_TEST(test_privatekey_to_pkcs8);
  4178. ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
  4179. #ifndef OPENSSL_NO_EC
  4180. ADD_TEST(test_EVP_PKCS82PKEY);
  4181. #endif
  4182. #ifndef OPENSSL_NO_EC
  4183. ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
  4184. #endif
  4185. #if !defined(OPENSSL_NO_SM2)
  4186. ADD_TEST(test_EVP_SM2);
  4187. ADD_TEST(test_EVP_SM2_verify);
  4188. #endif
  4189. ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
  4190. #ifndef OPENSSL_NO_DEPRECATED_3_0
  4191. custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
  4192. if (!TEST_ptr(custom_pmeth))
  4193. return 0;
  4194. EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
  4195. EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
  4196. EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
  4197. if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
  4198. return 0;
  4199. #endif
  4200. ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
  4201. #ifndef OPENSSL_NO_CMAC
  4202. ADD_TEST(test_CMAC_keygen);
  4203. #endif
  4204. ADD_TEST(test_HKDF);
  4205. ADD_TEST(test_emptyikm_HKDF);
  4206. #ifndef OPENSSL_NO_EC
  4207. ADD_TEST(test_X509_PUBKEY_inplace);
  4208. ADD_TEST(test_X509_PUBKEY_dup);
  4209. ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
  4210. OSSL_NELEM(ec_der_pub_keys));
  4211. #endif
  4212. #ifndef OPENSSL_NO_DSA
  4213. ADD_TEST(test_DSA_get_set_params);
  4214. ADD_TEST(test_DSA_priv_pub);
  4215. #endif
  4216. ADD_TEST(test_RSA_get_set_params);
  4217. ADD_TEST(test_RSA_OAEP_set_get_params);
  4218. #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  4219. ADD_TEST(test_decrypt_null_chunks);
  4220. #endif
  4221. #ifndef OPENSSL_NO_DH
  4222. ADD_TEST(test_DH_priv_pub);
  4223. # ifndef OPENSSL_NO_DEPRECATED_3_0
  4224. ADD_TEST(test_EVP_PKEY_set1_DH);
  4225. # endif
  4226. #endif
  4227. #ifndef OPENSSL_NO_EC
  4228. ADD_TEST(test_EC_priv_pub);
  4229. # ifndef OPENSSL_NO_DEPRECATED_3_0
  4230. ADD_TEST(test_EC_priv_only_legacy);
  4231. # endif
  4232. #endif
  4233. ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
  4234. ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
  4235. ADD_TEST(test_rand_agglomeration);
  4236. ADD_ALL_TESTS(test_evp_iv_aes, 12);
  4237. #ifndef OPENSSL_NO_DES
  4238. ADD_ALL_TESTS(test_evp_iv_des, 6);
  4239. #endif
  4240. #ifndef OPENSSL_NO_BF
  4241. ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
  4242. #endif
  4243. ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
  4244. ADD_TEST(test_EVP_rsa_pss_set_saltlen);
  4245. #ifndef OPENSSL_NO_EC
  4246. ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
  4247. #endif
  4248. ADD_TEST(test_names_do_all);
  4249. ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
  4250. ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
  4251. ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
  4252. ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
  4253. #ifndef OPENSSL_NO_DEPRECATED_3_0
  4254. ADD_ALL_TESTS(test_custom_pmeth, 12);
  4255. ADD_TEST(test_evp_md_cipher_meth);
  4256. ADD_TEST(test_custom_md_meth);
  4257. ADD_TEST(test_custom_ciph_meth);
  4258. # ifndef OPENSSL_NO_DYNAMIC_ENGINE
  4259. /* Tests only support the default libctx */
  4260. if (testctx == NULL) {
  4261. # ifndef OPENSSL_NO_EC
  4262. ADD_ALL_TESTS(test_signatures_with_engine, 3);
  4263. # else
  4264. ADD_ALL_TESTS(test_signatures_with_engine, 2);
  4265. # endif
  4266. ADD_TEST(test_cipher_with_engine);
  4267. }
  4268. # endif
  4269. #endif
  4270. ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
  4271. #ifndef OPENSSL_NO_EC
  4272. ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
  4273. #endif
  4274. return 1;
  4275. }
  4276. void cleanup_tests(void)
  4277. {
  4278. OSSL_PROVIDER_unload(nullprov);
  4279. OSSL_PROVIDER_unload(deflprov);
  4280. OSSL_PROVIDER_unload(lgcyprov);
  4281. OSSL_LIB_CTX_free(testctx);
  4282. }