evp_extra_test.c 185 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883188418851886188718881889189018911892189318941895189618971898189919001901190219031904190519061907190819091910191119121913191419151916191719181919192019211922192319241925192619271928192919301931193219331934193519361937193819391940194119421943194419451946194719481949195019511952195319541955195619571958195919601961196219631964196519661967196819691970197119721973197419751976197719781979198019811982198319841985198619871988198919901991199219931994199519961997199819992000200120022003200420052006200720082009201020112012201320142015201620172018201920202021202220232024202520262027202820292030203120322033203420352036203720382039204020412042204320442045204620472048204920502051205220532054205520562057205820592060206120622063206420652066206720682069207020712072207320742075207620772078207920802081208220832084208520862087208820892090209120922093209420952096209720982099210021012102210321042105210621072108210921102111211221132114211521162117211821192120212121222123212421252126212721282129213021312132213321342135213621372138213921402141214221432144214521462147214821492150215121522153215421552156215721582159216021612162216321642165216621672168216921702171217221732174217521762177217821792180218121822183218421852186218721882189219021912192219321942195219621972198219922002201220222032204220522062207220822092210221122122213221422152216221722182219222022212222222322242225222622272228222922302231223222332234223522362237223822392240224122422243224422452246224722482249225022512252225322542255225622572258225922602261226222632264226522662267226822692270227122722273227422752276227722782279228022812282228322842285228622872288228922902291229222932294229522962297229822992300230123022303230423052306230723082309231023112312231323142315231623172318231923202321232223232324232523262327232823292330233123322333233423352336233723382339234023412342234323442345234623472348234923502351235223532354235523562357235823592360236123622363236423652366236723682369237023712372237323742375237623772378237923802381238223832384238523862387238823892390239123922393239423952396239723982399240024012402240324042405240624072408240924102411241224132414241524162417241824192420242124222423242424252426242724282429243024312432243324342435243624372438243924402441244224432444244524462447244824492450245124522453245424552456245724582459246024612462246324642465246624672468246924702471247224732474247524762477247824792480248124822483248424852486248724882489249024912492249324942495249624972498249925002501250225032504250525062507250825092510251125122513251425152516251725182519252025212522252325242525252625272528252925302531253225332534253525362537253825392540254125422543254425452546254725482549255025512552255325542555255625572558255925602561256225632564256525662567256825692570257125722573257425752576257725782579258025812582258325842585258625872588258925902591259225932594259525962597259825992600260126022603260426052606260726082609261026112612261326142615261626172618261926202621262226232624262526262627262826292630263126322633263426352636263726382639264026412642264326442645264626472648264926502651265226532654265526562657265826592660266126622663266426652666266726682669267026712672267326742675267626772678267926802681268226832684268526862687268826892690269126922693269426952696269726982699270027012702270327042705270627072708270927102711271227132714271527162717271827192720272127222723272427252726272727282729273027312732273327342735273627372738273927402741274227432744274527462747274827492750275127522753275427552756275727582759276027612762276327642765276627672768276927702771277227732774277527762777277827792780278127822783278427852786278727882789279027912792279327942795279627972798279928002801280228032804280528062807280828092810281128122813281428152816281728182819282028212822282328242825282628272828282928302831283228332834283528362837283828392840284128422843284428452846284728482849285028512852285328542855285628572858285928602861286228632864286528662867286828692870287128722873287428752876287728782879288028812882288328842885288628872888288928902891289228932894289528962897289828992900290129022903290429052906290729082909291029112912291329142915291629172918291929202921292229232924292529262927292829292930293129322933293429352936293729382939294029412942294329442945294629472948294929502951295229532954295529562957295829592960296129622963296429652966296729682969297029712972297329742975297629772978297929802981298229832984298529862987298829892990299129922993299429952996299729982999300030013002300330043005300630073008300930103011301230133014301530163017301830193020302130223023302430253026302730283029303030313032303330343035303630373038303930403041304230433044304530463047304830493050305130523053305430553056305730583059306030613062306330643065306630673068306930703071307230733074307530763077307830793080308130823083308430853086308730883089309030913092309330943095309630973098309931003101310231033104310531063107310831093110311131123113311431153116311731183119312031213122312331243125312631273128312931303131313231333134313531363137313831393140314131423143314431453146314731483149315031513152315331543155315631573158315931603161316231633164316531663167316831693170317131723173317431753176317731783179318031813182318331843185318631873188318931903191319231933194319531963197319831993200320132023203320432053206320732083209321032113212321332143215321632173218321932203221322232233224322532263227322832293230323132323233323432353236323732383239324032413242324332443245324632473248324932503251325232533254325532563257325832593260326132623263326432653266326732683269327032713272327332743275327632773278327932803281328232833284328532863287328832893290329132923293329432953296329732983299330033013302330333043305330633073308330933103311331233133314331533163317331833193320332133223323332433253326332733283329333033313332333333343335333633373338333933403341334233433344334533463347334833493350335133523353335433553356335733583359336033613362336333643365336633673368336933703371337233733374337533763377337833793380338133823383338433853386338733883389339033913392339333943395339633973398339934003401340234033404340534063407340834093410341134123413341434153416341734183419342034213422342334243425342634273428342934303431343234333434343534363437343834393440344134423443344434453446344734483449345034513452345334543455345634573458345934603461346234633464346534663467346834693470347134723473347434753476347734783479348034813482348334843485348634873488348934903491349234933494349534963497349834993500350135023503350435053506350735083509351035113512351335143515351635173518351935203521352235233524352535263527352835293530353135323533353435353536353735383539354035413542354335443545354635473548354935503551355235533554355535563557355835593560356135623563356435653566356735683569357035713572357335743575357635773578357935803581358235833584358535863587358835893590359135923593359435953596359735983599360036013602360336043605360636073608360936103611361236133614361536163617361836193620362136223623362436253626362736283629363036313632363336343635363636373638363936403641364236433644364536463647364836493650365136523653365436553656365736583659366036613662366336643665366636673668366936703671367236733674367536763677367836793680368136823683368436853686368736883689369036913692369336943695369636973698369937003701370237033704370537063707370837093710371137123713371437153716371737183719372037213722372337243725372637273728372937303731373237333734373537363737373837393740374137423743374437453746374737483749375037513752375337543755375637573758375937603761376237633764376537663767376837693770377137723773377437753776377737783779378037813782378337843785378637873788378937903791379237933794379537963797379837993800380138023803380438053806380738083809381038113812381338143815381638173818381938203821382238233824382538263827382838293830383138323833383438353836383738383839384038413842384338443845384638473848384938503851385238533854385538563857385838593860386138623863386438653866386738683869387038713872387338743875387638773878387938803881388238833884388538863887388838893890389138923893389438953896389738983899390039013902390339043905390639073908390939103911391239133914391539163917391839193920392139223923392439253926392739283929393039313932393339343935393639373938393939403941394239433944394539463947394839493950395139523953395439553956395739583959396039613962396339643965396639673968396939703971397239733974397539763977397839793980398139823983398439853986398739883989399039913992399339943995399639973998399940004001400240034004400540064007400840094010401140124013401440154016401740184019402040214022402340244025402640274028402940304031403240334034403540364037403840394040404140424043404440454046404740484049405040514052405340544055405640574058405940604061406240634064406540664067406840694070407140724073407440754076407740784079408040814082408340844085408640874088408940904091409240934094409540964097409840994100410141024103410441054106410741084109411041114112411341144115411641174118411941204121412241234124412541264127412841294130413141324133413441354136413741384139414041414142414341444145414641474148414941504151415241534154415541564157415841594160416141624163416441654166416741684169417041714172417341744175417641774178417941804181418241834184418541864187418841894190419141924193419441954196419741984199420042014202420342044205420642074208420942104211421242134214421542164217421842194220422142224223422442254226422742284229423042314232423342344235423642374238423942404241424242434244424542464247424842494250425142524253425442554256425742584259426042614262426342644265426642674268426942704271427242734274427542764277427842794280428142824283428442854286428742884289429042914292429342944295429642974298429943004301430243034304430543064307430843094310431143124313431443154316431743184319432043214322432343244325432643274328432943304331433243334334433543364337433843394340434143424343434443454346434743484349435043514352435343544355435643574358435943604361436243634364436543664367436843694370437143724373437443754376437743784379438043814382438343844385438643874388438943904391439243934394439543964397439843994400440144024403440444054406440744084409441044114412441344144415441644174418441944204421442244234424442544264427442844294430443144324433443444354436443744384439444044414442444344444445444644474448444944504451445244534454445544564457445844594460446144624463446444654466446744684469447044714472447344744475447644774478447944804481448244834484448544864487448844894490449144924493449444954496449744984499450045014502450345044505450645074508450945104511451245134514451545164517451845194520452145224523452445254526452745284529453045314532453345344535453645374538453945404541454245434544454545464547454845494550455145524553455445554556455745584559456045614562456345644565456645674568456945704571457245734574457545764577457845794580458145824583458445854586458745884589459045914592459345944595459645974598459946004601460246034604460546064607460846094610461146124613461446154616461746184619462046214622462346244625462646274628462946304631463246334634463546364637463846394640464146424643464446454646464746484649465046514652465346544655465646574658465946604661466246634664466546664667466846694670467146724673467446754676467746784679468046814682468346844685468646874688468946904691469246934694469546964697469846994700470147024703470447054706470747084709471047114712471347144715471647174718471947204721472247234724472547264727472847294730473147324733473447354736473747384739474047414742474347444745474647474748474947504751475247534754475547564757475847594760476147624763476447654766476747684769477047714772477347744775477647774778477947804781478247834784478547864787478847894790479147924793479447954796479747984799480048014802480348044805480648074808480948104811481248134814481548164817481848194820482148224823482448254826482748284829483048314832483348344835483648374838483948404841484248434844484548464847484848494850485148524853485448554856485748584859486048614862486348644865486648674868486948704871487248734874487548764877487848794880488148824883488448854886488748884889489048914892489348944895489648974898489949004901490249034904490549064907490849094910491149124913491449154916491749184919492049214922492349244925492649274928492949304931493249334934493549364937493849394940494149424943494449454946494749484949495049514952495349544955495649574958495949604961496249634964496549664967496849694970497149724973497449754976497749784979498049814982498349844985498649874988498949904991499249934994499549964997499849995000500150025003500450055006500750085009501050115012501350145015501650175018501950205021502250235024502550265027502850295030503150325033503450355036503750385039504050415042504350445045504650475048504950505051505250535054505550565057505850595060506150625063506450655066506750685069507050715072507350745075507650775078507950805081508250835084508550865087508850895090509150925093509450955096509750985099510051015102510351045105510651075108510951105111511251135114511551165117511851195120512151225123512451255126512751285129513051315132513351345135513651375138513951405141514251435144514551465147514851495150515151525153515451555156515751585159516051615162516351645165516651675168516951705171517251735174517551765177517851795180518151825183518451855186518751885189519051915192519351945195519651975198519952005201520252035204520552065207520852095210521152125213521452155216521752185219522052215222522352245225522652275228522952305231523252335234523552365237523852395240524152425243524452455246524752485249525052515252525352545255525652575258525952605261526252635264526552665267526852695270527152725273527452755276527752785279528052815282528352845285528652875288528952905291529252935294529552965297529852995300530153025303530453055306530753085309531053115312531353145315531653175318531953205321532253235324532553265327532853295330533153325333533453355336533753385339534053415342534353445345534653475348534953505351535253535354535553565357535853595360536153625363536453655366536753685369537053715372537353745375537653775378537953805381538253835384538553865387538853895390539153925393539453955396539753985399540054015402540354045405540654075408540954105411541254135414541554165417541854195420542154225423542454255426542754285429543054315432543354345435543654375438543954405441544254435444544554465447544854495450545154525453545454555456545754585459546054615462546354645465546654675468546954705471547254735474547554765477547854795480548154825483548454855486548754885489549054915492549354945495549654975498549955005501550255035504550555065507550855095510551155125513551455155516551755185519552055215522552355245525552655275528552955305531553255335534553555365537553855395540554155425543554455455546554755485549555055515552555355545555555655575558555955605561556255635564556555665567556855695570557155725573557455755576557755785579558055815582558355845585558655875588558955905591559255935594559555965597
  1. /*
  2. * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
  3. *
  4. * Licensed under the Apache License 2.0 (the "License"). You may not use
  5. * this file except in compliance with the License. You can obtain a copy
  6. * in the file LICENSE in the source distribution or at
  7. * https://www.openssl.org/source/license.html
  8. */
  9. /* We need to use some deprecated APIs */
  10. #define OPENSSL_SUPPRESS_DEPRECATED
  11. #include <stdio.h>
  12. #include <stdlib.h>
  13. #include <string.h>
  14. #include <openssl/bio.h>
  15. #include <openssl/conf.h>
  16. #include <openssl/crypto.h>
  17. #include <openssl/err.h>
  18. #include <openssl/evp.h>
  19. #include <openssl/x509.h>
  20. #include <openssl/pem.h>
  21. #include <openssl/kdf.h>
  22. #include <openssl/provider.h>
  23. #include <openssl/core_names.h>
  24. #include <openssl/params.h>
  25. #include <openssl/param_build.h>
  26. #include <openssl/dsa.h>
  27. #include <openssl/dh.h>
  28. #include <openssl/aes.h>
  29. #include <openssl/decoder.h>
  30. #include <openssl/rsa.h>
  31. #include <openssl/engine.h>
  32. #include <openssl/proverr.h>
  33. #include "testutil.h"
  34. #include "internal/nelem.h"
  35. #include "internal/sizes.h"
  36. #include "crypto/evp.h"
  37. #include "fake_rsaprov.h"
  38. static OSSL_LIB_CTX *testctx = NULL;
  39. static char *testpropq = NULL;
  40. static OSSL_PROVIDER *nullprov = NULL;
  41. static OSSL_PROVIDER *deflprov = NULL;
  42. static OSSL_PROVIDER *lgcyprov = NULL;
  43. /*
  44. * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
  45. * should never use this key anywhere but in an example.
  46. */
  47. static const unsigned char kExampleRSAKeyDER[] = {
  48. 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
  49. 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
  50. 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
  51. 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
  52. 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
  53. 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
  54. 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
  55. 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
  56. 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
  57. 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
  58. 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
  59. 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
  60. 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
  61. 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
  62. 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
  63. 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
  64. 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
  65. 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
  66. 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
  67. 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
  68. 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
  69. 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
  70. 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
  71. 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
  72. 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
  73. 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
  74. 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
  75. 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
  76. 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
  77. 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
  78. 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
  79. 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
  80. 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
  81. 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
  82. 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
  83. 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
  84. 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
  85. 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
  86. 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
  87. 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
  88. 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
  89. 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
  90. 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
  91. 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
  92. 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
  93. 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
  94. 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
  95. 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
  96. 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
  97. 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
  98. 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
  99. };
  100. /*
  101. * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
  102. * should never use this key anywhere but in an example.
  103. */
  104. #ifndef OPENSSL_NO_DSA
  105. static const unsigned char kExampleDSAKeyDER[] = {
  106. 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
  107. 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
  108. 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
  109. 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
  110. 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
  111. 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
  112. 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
  113. 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
  114. 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
  115. 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
  116. 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
  117. 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
  118. 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
  119. 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
  120. 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
  121. 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
  122. 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
  123. 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
  124. 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
  125. 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
  126. 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
  127. 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
  128. 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
  129. 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
  130. 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
  131. 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
  132. 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
  133. 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
  134. 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
  135. 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
  136. 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
  137. 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
  138. 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
  139. 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
  140. 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
  141. 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
  142. 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
  143. 0x40, 0x48
  144. };
  145. #endif
  146. /*
  147. * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
  148. * components are not correct.
  149. */
  150. static const unsigned char kExampleBadRSAKeyDER[] = {
  151. 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
  152. 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
  153. 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
  154. 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
  155. 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
  156. 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
  157. 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
  158. 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
  159. 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
  160. 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
  161. 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
  162. 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
  163. 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
  164. 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
  165. 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
  166. 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
  167. 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
  168. 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
  169. 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
  170. 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
  171. 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
  172. 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
  173. 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
  174. 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
  175. 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
  176. 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
  177. 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
  178. 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
  179. 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
  180. 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
  181. 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
  182. 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
  183. 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
  184. 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
  185. 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
  186. 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
  187. 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
  188. 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
  189. 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
  190. 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
  191. 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
  192. 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
  193. 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
  194. 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
  195. 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
  196. 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
  197. 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
  198. 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
  199. 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
  200. 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
  201. 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
  202. 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
  203. 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
  204. 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
  205. 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
  206. 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
  207. 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
  208. 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
  209. 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
  210. 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
  211. 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
  212. 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
  213. 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
  214. 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
  215. 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
  216. 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
  217. 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
  218. 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
  219. 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
  220. 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
  221. 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
  222. 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
  223. 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
  224. 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
  225. 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
  226. 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
  227. 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
  228. 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
  229. 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
  230. 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
  231. 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
  232. 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
  233. 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
  234. 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
  235. 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
  236. 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
  237. 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
  238. 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
  239. 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
  240. };
  241. /*
  242. * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
  243. * values are 0.
  244. */
  245. static const unsigned char kExampleBad2RSAKeyDER[] = {
  246. 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
  247. 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
  248. 0x01, 0x00, 0x02, 0x01, 0x00
  249. };
  250. static const unsigned char kMsg[] = { 1, 2, 3, 4 };
  251. static const unsigned char kSignature[] = {
  252. 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
  253. 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
  254. 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
  255. 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
  256. 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
  257. 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
  258. 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
  259. 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
  260. 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
  261. 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
  262. 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
  263. };
  264. /*
  265. * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
  266. * PrivateKeyInfo.
  267. */
  268. static const unsigned char kExampleRSAKeyPKCS8[] = {
  269. 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
  270. 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
  271. 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
  272. 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
  273. 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
  274. 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
  275. 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
  276. 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
  277. 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
  278. 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
  279. 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
  280. 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
  281. 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
  282. 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
  283. 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
  284. 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
  285. 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
  286. 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
  287. 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
  288. 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
  289. 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
  290. 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
  291. 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
  292. 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
  293. 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
  294. 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
  295. 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
  296. 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
  297. 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
  298. 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
  299. 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
  300. 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
  301. 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
  302. 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
  303. 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
  304. 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
  305. 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
  306. 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
  307. 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
  308. 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
  309. 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
  310. 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
  311. 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
  312. 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
  313. 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
  314. 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
  315. 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
  316. 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
  317. 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
  318. 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
  319. 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
  320. 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
  321. 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
  322. };
  323. #ifndef OPENSSL_NO_EC
  324. /*
  325. * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
  326. * structure.
  327. */
  328. static const unsigned char kExampleECKeyDER[] = {
  329. 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
  330. 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
  331. 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
  332. 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
  333. 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
  334. 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
  335. 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
  336. 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
  337. 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
  338. 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
  339. 0xc1,
  340. };
  341. /*
  342. * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
  343. * structure. The private key is equal to the order and will fail to import
  344. */
  345. static const unsigned char kExampleBadECKeyDER[] = {
  346. 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
  347. 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
  348. 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
  349. 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
  350. 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
  351. 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
  352. 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
  353. 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
  354. 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
  355. };
  356. /* prime256v1 */
  357. static const unsigned char kExampleECPubKeyDER[] = {
  358. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  359. 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  360. 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
  361. 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
  362. 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
  363. 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
  364. 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
  365. 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
  366. };
  367. /*
  368. * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
  369. * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
  370. */
  371. static const unsigned char kExampleBadECPubKeyDER[] = {
  372. 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  373. 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
  374. 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
  375. 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
  376. 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
  377. 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
  378. 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
  379. 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
  380. };
  381. static const unsigned char pExampleECParamDER[] = {
  382. 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
  383. };
  384. # ifndef OPENSSL_NO_ECX
  385. static const unsigned char kExampleED25519KeyDER[] = {
  386. 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
  387. 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
  388. 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
  389. 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
  390. };
  391. static const unsigned char kExampleED25519PubKeyDER[] = {
  392. 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
  393. 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
  394. 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
  395. 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
  396. };
  397. # ifndef OPENSSL_NO_DEPRECATED_3_0
  398. static const unsigned char kExampleX25519KeyDER[] = {
  399. 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
  400. 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
  401. 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
  402. 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
  403. };
  404. # endif
  405. # endif
  406. #endif
  407. /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
  408. #ifndef OPENSSL_NO_DEPRECATED_3_0
  409. # ifndef OPENSSL_NO_DH
  410. static const unsigned char kExampleDHKeyDER[] = {
  411. 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
  412. 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
  413. 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
  414. 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
  415. 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
  416. 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
  417. 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
  418. 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
  419. 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
  420. 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
  421. 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
  422. 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
  423. 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
  424. 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
  425. 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
  426. 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
  427. 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
  428. 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
  429. 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
  430. 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
  431. 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
  432. 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
  433. 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
  434. 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
  435. 0x2e, 0x87, 0x2a, 0x0b, 0x7a
  436. };
  437. # endif
  438. #endif
  439. static const unsigned char kCFBDefaultKey[] = {
  440. 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
  441. 0x09, 0xCF, 0x4F, 0x3C
  442. };
  443. static const unsigned char kGCMDefaultKey[32] = { 0 };
  444. static const unsigned char kGCMResetKey[] = {
  445. 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
  446. 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
  447. 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
  448. };
  449. static const unsigned char iCFBIV[] = {
  450. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
  451. 0x0C, 0x0D, 0x0E, 0x0F
  452. };
  453. static const unsigned char iGCMDefaultIV[12] = { 0 };
  454. static const unsigned char iGCMResetIV1[] = {
  455. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
  456. };
  457. static const unsigned char iGCMResetIV2[] = {
  458. 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
  459. };
  460. static const unsigned char cfbPlaintext[] = {
  461. 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
  462. 0x73, 0x93, 0x17, 0x2A
  463. };
  464. static const unsigned char gcmDefaultPlaintext[16] = { 0 };
  465. static const unsigned char gcmResetPlaintext[] = {
  466. 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
  467. 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
  468. 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
  469. 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
  470. 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
  471. };
  472. static const unsigned char cfbCiphertext[] = {
  473. 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
  474. 0xE8, 0x3C, 0xFB, 0x4A
  475. };
  476. static const unsigned char gcmDefaultCiphertext[] = {
  477. 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
  478. 0xba, 0xf3, 0x9d, 0x18
  479. };
  480. static const unsigned char gcmResetCiphertext1[] = {
  481. 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
  482. 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
  483. 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
  484. 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
  485. 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
  486. };
  487. static const unsigned char gcmResetCiphertext2[] = {
  488. 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
  489. 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
  490. 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
  491. 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
  492. 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
  493. };
  494. static const unsigned char gcmAAD[] = {
  495. 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
  496. 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
  497. };
  498. static const unsigned char gcmDefaultTag[] = {
  499. 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
  500. 0xd4, 0x8a, 0xb9, 0x19
  501. };
  502. static const unsigned char gcmResetTag1[] = {
  503. 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
  504. 0xfe, 0x2e, 0xa8, 0xf2
  505. };
  506. static const unsigned char gcmResetTag2[] = {
  507. 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
  508. 0xbb, 0x2d, 0x55, 0x1b
  509. };
  510. typedef struct APK_DATA_st {
  511. const unsigned char *kder;
  512. size_t size;
  513. const char *keytype;
  514. int evptype;
  515. int check;
  516. int pub_check;
  517. int param_check;
  518. int type; /* 0 for private, 1 for public, 2 for params */
  519. } APK_DATA;
  520. static APK_DATA keydata[] = {
  521. {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA},
  522. {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA},
  523. #ifndef OPENSSL_NO_EC
  524. {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC}
  525. #endif
  526. };
  527. static APK_DATA keycheckdata[] = {
  528. {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1,
  529. 0},
  530. {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA,
  531. 0, 1, 1, 0},
  532. {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA,
  533. 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
  534. #ifndef OPENSSL_NO_EC
  535. {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0},
  536. /* group is also associated in our pub key */
  537. {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1,
  538. 1, 1},
  539. {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1,
  540. 2},
  541. # ifndef OPENSSL_NO_ECX
  542. {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519",
  543. EVP_PKEY_ED25519, 1, 1, 1, 0},
  544. {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519",
  545. EVP_PKEY_ED25519, 0, 1, 1, 1},
  546. # endif
  547. #endif
  548. };
  549. static EVP_PKEY *load_example_key(const char *keytype,
  550. const unsigned char *data, size_t data_len)
  551. {
  552. const unsigned char **pdata = &data;
  553. EVP_PKEY *pkey = NULL;
  554. OSSL_DECODER_CTX *dctx =
  555. OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0,
  556. testctx, testpropq);
  557. /* |pkey| will be NULL on error */
  558. (void)OSSL_DECODER_from_data(dctx, pdata, &data_len);
  559. OSSL_DECODER_CTX_free(dctx);
  560. return pkey;
  561. }
  562. static EVP_PKEY *load_example_rsa_key(void)
  563. {
  564. return load_example_key("RSA", kExampleRSAKeyDER,
  565. sizeof(kExampleRSAKeyDER));
  566. }
  567. #ifndef OPENSSL_NO_DSA
  568. static EVP_PKEY *load_example_dsa_key(void)
  569. {
  570. return load_example_key("DSA", kExampleDSAKeyDER,
  571. sizeof(kExampleDSAKeyDER));
  572. }
  573. #endif
  574. #ifndef OPENSSL_NO_EC
  575. static EVP_PKEY *load_example_ec_key(void)
  576. {
  577. return load_example_key("EC", kExampleECKeyDER,
  578. sizeof(kExampleECKeyDER));
  579. }
  580. #endif
  581. #ifndef OPENSSL_NO_DEPRECATED_3_0
  582. # ifndef OPENSSL_NO_DH
  583. static EVP_PKEY *load_example_dh_key(void)
  584. {
  585. return load_example_key("DH", kExampleDHKeyDER,
  586. sizeof(kExampleDHKeyDER));
  587. }
  588. # endif
  589. # ifndef OPENSSL_NO_ECX
  590. static EVP_PKEY *load_example_ed25519_key(void)
  591. {
  592. return load_example_key("ED25519", kExampleED25519KeyDER,
  593. sizeof(kExampleED25519KeyDER));
  594. }
  595. static EVP_PKEY *load_example_x25519_key(void)
  596. {
  597. return load_example_key("X25519", kExampleX25519KeyDER,
  598. sizeof(kExampleX25519KeyDER));
  599. }
  600. # endif
  601. #endif /* OPENSSL_NO_DEPRECATED_3_0 */
  602. static EVP_PKEY *load_example_hmac_key(void)
  603. {
  604. EVP_PKEY *pkey = NULL;
  605. unsigned char key[] = {
  606. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  607. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  608. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  609. };
  610. pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC",
  611. NULL, key, sizeof(key));
  612. if (!TEST_ptr(pkey))
  613. return NULL;
  614. return pkey;
  615. }
  616. static int test_EVP_set_default_properties(void)
  617. {
  618. OSSL_LIB_CTX *ctx;
  619. EVP_MD *md = NULL;
  620. int res = 0;
  621. if (!TEST_ptr(ctx = OSSL_LIB_CTX_new())
  622. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
  623. goto err;
  624. EVP_MD_free(md);
  625. md = NULL;
  626. if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang"))
  627. || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL))
  628. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider")))
  629. goto err;
  630. EVP_MD_free(md);
  631. md = NULL;
  632. if (!TEST_true(EVP_set_default_properties(ctx, NULL))
  633. || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL)))
  634. goto err;
  635. res = 1;
  636. err:
  637. EVP_MD_free(md);
  638. OSSL_LIB_CTX_free(ctx);
  639. return res;
  640. }
  641. #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
  642. static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params)
  643. {
  644. EVP_PKEY_CTX *pctx = NULL;
  645. EVP_PKEY *tmp_pkey = NULL, *pkey = NULL;
  646. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq)))
  647. goto err;
  648. if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
  649. || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR,
  650. params), 0))
  651. goto err;
  652. if (!TEST_ptr(tmp_pkey))
  653. goto err;
  654. pkey = tmp_pkey;
  655. tmp_pkey = NULL;
  656. err:
  657. EVP_PKEY_free(tmp_pkey);
  658. EVP_PKEY_CTX_free(pctx);
  659. return pkey;
  660. }
  661. static int test_selection(EVP_PKEY *pkey, int selection)
  662. {
  663. int testresult = 0;
  664. int ret;
  665. BIO *bio = BIO_new(BIO_s_mem());
  666. ret = PEM_write_bio_PUBKEY(bio, pkey);
  667. if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) {
  668. if (!TEST_true(ret))
  669. goto err;
  670. } else {
  671. if (!TEST_false(ret))
  672. goto err;
  673. }
  674. ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL,
  675. testctx, NULL);
  676. if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) {
  677. if (!TEST_true(ret))
  678. goto err;
  679. } else {
  680. if (!TEST_false(ret))
  681. goto err;
  682. }
  683. testresult = 1;
  684. err:
  685. BIO_free(bio);
  686. return testresult;
  687. }
  688. #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
  689. /*
  690. * Test combinations of private, public, missing and private + public key
  691. * params to ensure they are all accepted
  692. */
  693. #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
  694. static int test_EVP_PKEY_ffc_priv_pub(char *keytype)
  695. {
  696. OSSL_PARAM_BLD *bld = NULL;
  697. OSSL_PARAM *params = NULL;
  698. EVP_PKEY *just_params = NULL;
  699. EVP_PKEY *params_and_priv = NULL;
  700. EVP_PKEY *params_and_pub = NULL;
  701. EVP_PKEY *params_and_keypair = NULL;
  702. BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
  703. int ret = 0;
  704. /*
  705. * Setup the parameters for our pkey object. For our purposes they don't
  706. * have to actually be *valid* parameters. We just need to set something.
  707. */
  708. if (!TEST_ptr(p = BN_new())
  709. || !TEST_ptr(q = BN_new())
  710. || !TEST_ptr(g = BN_new())
  711. || !TEST_ptr(pub = BN_new())
  712. || !TEST_ptr(priv = BN_new()))
  713. goto err;
  714. /* Test !priv and !pub */
  715. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  716. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  717. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  718. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)))
  719. goto err;
  720. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  721. || !TEST_ptr(just_params = make_key_fromdata(keytype, params)))
  722. goto err;
  723. OSSL_PARAM_free(params);
  724. OSSL_PARAM_BLD_free(bld);
  725. params = NULL;
  726. bld = NULL;
  727. if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
  728. || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
  729. goto err;
  730. /* Test priv and !pub */
  731. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  732. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  733. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  734. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
  735. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  736. priv)))
  737. goto err;
  738. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  739. || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params)))
  740. goto err;
  741. OSSL_PARAM_free(params);
  742. OSSL_PARAM_BLD_free(bld);
  743. params = NULL;
  744. bld = NULL;
  745. if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)
  746. || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
  747. goto err;
  748. /* Test !priv and pub */
  749. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  750. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  751. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  752. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
  753. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
  754. pub)))
  755. goto err;
  756. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  757. || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params)))
  758. goto err;
  759. OSSL_PARAM_free(params);
  760. OSSL_PARAM_BLD_free(bld);
  761. params = NULL;
  762. bld = NULL;
  763. if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
  764. || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
  765. goto err;
  766. /* Test priv and pub */
  767. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  768. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  769. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  770. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
  771. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
  772. pub))
  773. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  774. priv)))
  775. goto err;
  776. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  777. || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params)))
  778. goto err;
  779. if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
  780. goto err;
  781. ret = 1;
  782. err:
  783. OSSL_PARAM_free(params);
  784. OSSL_PARAM_BLD_free(bld);
  785. EVP_PKEY_free(just_params);
  786. EVP_PKEY_free(params_and_priv);
  787. EVP_PKEY_free(params_and_pub);
  788. EVP_PKEY_free(params_and_keypair);
  789. BN_free(p);
  790. BN_free(q);
  791. BN_free(g);
  792. BN_free(pub);
  793. BN_free(priv);
  794. return ret;
  795. }
  796. #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
  797. /*
  798. * Test combinations of private, public, missing and private + public key
  799. * params to ensure they are all accepted for EC keys
  800. */
  801. #ifndef OPENSSL_NO_EC
  802. static unsigned char ec_priv[] = {
  803. 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
  804. 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
  805. 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
  806. };
  807. static unsigned char ec_pub[] = {
  808. 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
  809. 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
  810. 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
  811. 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
  812. 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
  813. 0x08, 0x09, 0xb8, 0xdb, 0x03
  814. };
  815. static int test_EC_priv_pub(void)
  816. {
  817. OSSL_PARAM_BLD *bld = NULL;
  818. OSSL_PARAM *params = NULL;
  819. EVP_PKEY *just_params = NULL;
  820. EVP_PKEY *params_and_priv = NULL;
  821. EVP_PKEY *params_and_pub = NULL;
  822. EVP_PKEY *params_and_keypair = NULL;
  823. BIGNUM *priv = NULL;
  824. int ret = 0;
  825. unsigned char *encoded = NULL;
  826. size_t len = 0;
  827. unsigned char buffer[128];
  828. /*
  829. * Setup the parameters for our pkey object. For our purposes they don't
  830. * have to actually be *valid* parameters. We just need to set something.
  831. */
  832. if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
  833. goto err;
  834. /* Test !priv and !pub */
  835. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  836. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  837. OSSL_PKEY_PARAM_GROUP_NAME,
  838. "P-256", 0)))
  839. goto err;
  840. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  841. || !TEST_ptr(just_params = make_key_fromdata("EC", params)))
  842. goto err;
  843. OSSL_PARAM_free(params);
  844. OSSL_PARAM_BLD_free(bld);
  845. params = NULL;
  846. bld = NULL;
  847. if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
  848. || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR))
  849. goto err;
  850. /* Test priv and !pub */
  851. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  852. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  853. OSSL_PKEY_PARAM_GROUP_NAME,
  854. "P-256", 0))
  855. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  856. priv)))
  857. goto err;
  858. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  859. || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params)))
  860. goto err;
  861. OSSL_PARAM_free(params);
  862. OSSL_PARAM_BLD_free(bld);
  863. params = NULL;
  864. bld = NULL;
  865. /*
  866. * We indicate only parameters here, in spite of having built a key that
  867. * has a private part, because the PEM_write_bio_PrivateKey_ex call is
  868. * expected to fail because it does not support exporting a private EC
  869. * key without a corresponding public key
  870. */
  871. if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS)
  872. || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY))
  873. goto err;
  874. /* Test !priv and pub */
  875. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  876. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  877. OSSL_PKEY_PARAM_GROUP_NAME,
  878. "P-256", 0))
  879. || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
  880. OSSL_PKEY_PARAM_PUB_KEY,
  881. ec_pub, sizeof(ec_pub))))
  882. goto err;
  883. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  884. || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params)))
  885. goto err;
  886. OSSL_PARAM_free(params);
  887. OSSL_PARAM_BLD_free(bld);
  888. params = NULL;
  889. bld = NULL;
  890. if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)
  891. || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY))
  892. goto err;
  893. /* Test priv and pub */
  894. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  895. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  896. OSSL_PKEY_PARAM_GROUP_NAME,
  897. "P-256", 0))
  898. || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
  899. OSSL_PKEY_PARAM_PUB_KEY,
  900. ec_pub, sizeof(ec_pub)))
  901. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  902. priv)))
  903. goto err;
  904. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  905. || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params)))
  906. goto err;
  907. if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR))
  908. goto err;
  909. /* Try key equality */
  910. if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0)
  911. || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub),
  912. 0)
  913. || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv),
  914. 0)
  915. || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair),
  916. 0)
  917. || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0)
  918. || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0)
  919. || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0)
  920. || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0))
  921. goto err;
  922. /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
  923. if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0))
  924. goto err;
  925. OPENSSL_free(encoded);
  926. encoded = NULL;
  927. if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) {
  928. OPENSSL_free(encoded);
  929. encoded = NULL;
  930. goto err;
  931. }
  932. /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
  933. if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
  934. OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
  935. buffer, sizeof(buffer), &len), 1)
  936. || !TEST_int_eq(len, 65))
  937. goto err;
  938. len = 0;
  939. if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
  940. OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
  941. NULL, 0, &len), 1)
  942. || !TEST_int_eq(len, 65))
  943. goto err;
  944. /* too-short buffer len*/
  945. if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub,
  946. OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY,
  947. buffer, 10, &len), 0))
  948. goto err;
  949. ret = 1;
  950. err:
  951. OSSL_PARAM_free(params);
  952. OSSL_PARAM_BLD_free(bld);
  953. EVP_PKEY_free(just_params);
  954. EVP_PKEY_free(params_and_priv);
  955. EVP_PKEY_free(params_and_pub);
  956. EVP_PKEY_free(params_and_keypair);
  957. BN_free(priv);
  958. return ret;
  959. }
  960. /* Also test that we can read the EC PUB affine coordinates */
  961. static int test_evp_get_ec_pub(void)
  962. {
  963. OSSL_PARAM_BLD *bld = NULL;
  964. OSSL_PARAM *params = NULL;
  965. unsigned char *pad = NULL;
  966. EVP_PKEY *keypair = NULL;
  967. BIGNUM *priv = NULL;
  968. BIGNUM *x = NULL;
  969. BIGNUM *y = NULL;
  970. int ret = 0;
  971. if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
  972. goto err;
  973. if (!TEST_ptr(bld = OSSL_PARAM_BLD_new())
  974. || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld,
  975. OSSL_PKEY_PARAM_GROUP_NAME,
  976. "P-256", 0))
  977. || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld,
  978. OSSL_PKEY_PARAM_PUB_KEY,
  979. ec_pub, sizeof(ec_pub)))
  980. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  981. priv)))
  982. goto err;
  983. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))
  984. || !TEST_ptr(keypair = make_key_fromdata("EC", params)))
  985. goto err;
  986. if (!test_selection(keypair, EVP_PKEY_KEYPAIR))
  987. goto err;
  988. if (!EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_X, &x)
  989. || !EVP_PKEY_get_bn_param(keypair, OSSL_PKEY_PARAM_EC_PUB_Y, &y))
  990. goto err;
  991. if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
  992. goto err;
  993. pad[0] = ec_pub[0];
  994. BN_bn2bin(x, &pad[1]);
  995. BN_bn2bin(y, &pad[33]);
  996. if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
  997. goto err;
  998. ret = 1;
  999. err:
  1000. OSSL_PARAM_free(params);
  1001. OSSL_PARAM_BLD_free(bld);
  1002. EVP_PKEY_free(keypair);
  1003. OPENSSL_free(pad);
  1004. BN_free(priv);
  1005. BN_free(x);
  1006. BN_free(y);
  1007. return ret;
  1008. }
  1009. /* Test that using a legacy EC key with only a private key in it works */
  1010. # ifndef OPENSSL_NO_DEPRECATED_3_0
  1011. static int test_EC_priv_only_legacy(void)
  1012. {
  1013. BIGNUM *priv = NULL;
  1014. int ret = 0;
  1015. EC_KEY *eckey = NULL;
  1016. EVP_PKEY *pkey = NULL, *dup_pk = NULL;
  1017. EVP_MD_CTX *ctx = NULL;
  1018. /* Create the low level EC_KEY */
  1019. if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
  1020. goto err;
  1021. eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
  1022. if (!TEST_ptr(eckey))
  1023. goto err;
  1024. if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
  1025. goto err;
  1026. pkey = EVP_PKEY_new();
  1027. if (!TEST_ptr(pkey))
  1028. goto err;
  1029. if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
  1030. goto err;
  1031. eckey = NULL;
  1032. while (dup_pk == NULL) {
  1033. ret = 0;
  1034. ctx = EVP_MD_CTX_new();
  1035. if (!TEST_ptr(ctx))
  1036. goto err;
  1037. /*
  1038. * The EVP_DigestSignInit function should create the key on the
  1039. * provider side which is sufficient for this test.
  1040. */
  1041. if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx,
  1042. testpropq, pkey, NULL)))
  1043. goto err;
  1044. EVP_MD_CTX_free(ctx);
  1045. ctx = NULL;
  1046. if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey)))
  1047. goto err;
  1048. /* EVP_PKEY_eq() returns -2 with missing public keys */
  1049. ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2);
  1050. EVP_PKEY_free(pkey);
  1051. pkey = dup_pk;
  1052. if (!ret)
  1053. goto err;
  1054. }
  1055. err:
  1056. EVP_MD_CTX_free(ctx);
  1057. EVP_PKEY_free(pkey);
  1058. EC_KEY_free(eckey);
  1059. BN_free(priv);
  1060. return ret;
  1061. }
  1062. static int test_evp_get_ec_pub_legacy(void)
  1063. {
  1064. OSSL_LIB_CTX *libctx = NULL;
  1065. unsigned char *pad = NULL;
  1066. EVP_PKEY *pkey = NULL;
  1067. EC_KEY *eckey = NULL;
  1068. BIGNUM *priv = NULL;
  1069. BIGNUM *x = NULL;
  1070. BIGNUM *y = NULL;
  1071. int ret = 0;
  1072. if (!TEST_ptr(libctx = OSSL_LIB_CTX_new()))
  1073. goto err;
  1074. /* Create the legacy key */
  1075. if (!TEST_ptr(eckey = EC_KEY_new_by_curve_name_ex(libctx, NULL,
  1076. NID_X9_62_prime256v1)))
  1077. goto err;
  1078. if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL)))
  1079. goto err;
  1080. if (!TEST_true(EC_KEY_set_private_key(eckey, priv)))
  1081. goto err;
  1082. if (!TEST_ptr(x = BN_bin2bn(&ec_pub[1], 32, NULL)))
  1083. goto err;
  1084. if (!TEST_ptr(y = BN_bin2bn(&ec_pub[33], 32, NULL)))
  1085. goto err;
  1086. if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey, x, y)))
  1087. goto err;
  1088. if (!TEST_ptr(pkey = EVP_PKEY_new()))
  1089. goto err;
  1090. /* Transfer the legacy key */
  1091. if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey)))
  1092. goto err;
  1093. eckey = NULL;
  1094. if (!TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_X, &x))
  1095. || !TEST_true(EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_EC_PUB_Y, &y)))
  1096. goto err;
  1097. if (!TEST_ptr(pad = OPENSSL_zalloc(sizeof(ec_pub))))
  1098. goto err;
  1099. pad[0] = ec_pub[0];
  1100. BN_bn2bin(x, &pad[1]);
  1101. BN_bn2bin(y, &pad[33]);
  1102. if (!TEST_true(memcmp(ec_pub, pad, sizeof(ec_pub)) == 0))
  1103. goto err;
  1104. ret = 1;
  1105. err:
  1106. OSSL_LIB_CTX_free(libctx);
  1107. EVP_PKEY_free(pkey);
  1108. EC_KEY_free(eckey);
  1109. OPENSSL_free(pad);
  1110. BN_free(priv);
  1111. BN_free(x);
  1112. BN_free(y);
  1113. return ret;
  1114. }
  1115. # endif /* OPENSSL_NO_DEPRECATED_3_0 */
  1116. #endif /* OPENSSL_NO_EC */
  1117. static int test_EVP_PKEY_sign(int tst)
  1118. {
  1119. int ret = 0;
  1120. EVP_PKEY *pkey = NULL;
  1121. unsigned char *sig = NULL;
  1122. size_t sig_len = 0, shortsig_len = 1;
  1123. EVP_PKEY_CTX *ctx = NULL;
  1124. unsigned char tbs[] = {
  1125. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  1126. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
  1127. };
  1128. if (tst == 0) {
  1129. if (!TEST_ptr(pkey = load_example_rsa_key()))
  1130. goto out;
  1131. } else if (tst == 1) {
  1132. #ifndef OPENSSL_NO_DSA
  1133. if (!TEST_ptr(pkey = load_example_dsa_key()))
  1134. goto out;
  1135. #else
  1136. ret = 1;
  1137. goto out;
  1138. #endif
  1139. } else {
  1140. #ifndef OPENSSL_NO_EC
  1141. if (!TEST_ptr(pkey = load_example_ec_key()))
  1142. goto out;
  1143. #else
  1144. ret = 1;
  1145. goto out;
  1146. #endif
  1147. }
  1148. ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
  1149. if (!TEST_ptr(ctx)
  1150. || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
  1151. || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
  1152. sizeof(tbs)), 0))
  1153. goto out;
  1154. sig = OPENSSL_malloc(sig_len);
  1155. if (!TEST_ptr(sig)
  1156. /* Test sending a signature buffer that is too short is rejected */
  1157. || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
  1158. sizeof(tbs)), 0)
  1159. || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
  1160. 0)
  1161. /* Test the signature round-trips */
  1162. || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
  1163. || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
  1164. 0))
  1165. goto out;
  1166. ret = 1;
  1167. out:
  1168. EVP_PKEY_CTX_free(ctx);
  1169. OPENSSL_free(sig);
  1170. EVP_PKEY_free(pkey);
  1171. return ret;
  1172. }
  1173. #ifndef OPENSSL_NO_DEPRECATED_3_0
  1174. static int test_EVP_PKEY_sign_with_app_method(int tst)
  1175. {
  1176. int ret = 0;
  1177. EVP_PKEY *pkey = NULL;
  1178. RSA *rsa = NULL;
  1179. RSA_METHOD *rsa_meth = NULL;
  1180. #ifndef OPENSSL_NO_DSA
  1181. DSA *dsa = NULL;
  1182. DSA_METHOD *dsa_meth = NULL;
  1183. #endif
  1184. unsigned char *sig = NULL;
  1185. size_t sig_len = 0, shortsig_len = 1;
  1186. EVP_PKEY_CTX *ctx = NULL;
  1187. unsigned char tbs[] = {
  1188. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  1189. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
  1190. };
  1191. if (tst == 0) {
  1192. if (!TEST_ptr(pkey = load_example_rsa_key()))
  1193. goto out;
  1194. if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method())))
  1195. goto out;
  1196. if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey))
  1197. || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0)
  1198. || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0))
  1199. goto out;
  1200. rsa = NULL; /* now owned by the pkey */
  1201. } else {
  1202. #ifndef OPENSSL_NO_DSA
  1203. if (!TEST_ptr(pkey = load_example_dsa_key()))
  1204. goto out;
  1205. if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method())))
  1206. goto out;
  1207. if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey))
  1208. || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0)
  1209. || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0))
  1210. goto out;
  1211. dsa = NULL; /* now owned by the pkey */
  1212. #else
  1213. ret = 1;
  1214. goto out;
  1215. #endif
  1216. }
  1217. ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
  1218. if (!TEST_ptr(ctx)
  1219. || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
  1220. || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
  1221. sizeof(tbs)), 0))
  1222. goto out;
  1223. sig = OPENSSL_malloc(sig_len);
  1224. if (!TEST_ptr(sig)
  1225. /* Test sending a signature buffer that is too short is rejected */
  1226. || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
  1227. sizeof(tbs)), 0)
  1228. || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
  1229. 0)
  1230. /* Test the signature round-trips */
  1231. || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
  1232. || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
  1233. 0))
  1234. goto out;
  1235. ret = 1;
  1236. out:
  1237. EVP_PKEY_CTX_free(ctx);
  1238. OPENSSL_free(sig);
  1239. EVP_PKEY_free(pkey);
  1240. RSA_free(rsa);
  1241. RSA_meth_free(rsa_meth);
  1242. #ifndef OPENSSL_NO_DSA
  1243. DSA_free(dsa);
  1244. DSA_meth_free(dsa_meth);
  1245. #endif
  1246. return ret;
  1247. }
  1248. #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
  1249. /*
  1250. * n = 0 => test using legacy cipher
  1251. * n = 1 => test using fetched cipher
  1252. */
  1253. static int test_EVP_Enveloped(int n)
  1254. {
  1255. int ret = 0;
  1256. EVP_CIPHER_CTX *ctx = NULL;
  1257. EVP_PKEY *keypair = NULL;
  1258. unsigned char *kek = NULL;
  1259. unsigned char iv[EVP_MAX_IV_LENGTH];
  1260. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
  1261. int len, kek_len, ciphertext_len, plaintext_len;
  1262. unsigned char ciphertext[32], plaintext[16];
  1263. EVP_CIPHER *type = NULL;
  1264. if (nullprov != NULL)
  1265. return TEST_skip("Test does not support a non-default library context");
  1266. if (n == 0)
  1267. type = (EVP_CIPHER *)EVP_aes_256_cbc();
  1268. else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC",
  1269. testpropq)))
  1270. goto err;
  1271. if (!TEST_ptr(keypair = load_example_rsa_key())
  1272. || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair)))
  1273. || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  1274. || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv,
  1275. &keypair, 1))
  1276. || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len,
  1277. msg, sizeof(msg)))
  1278. || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len,
  1279. &len)))
  1280. goto err;
  1281. ciphertext_len += len;
  1282. if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair))
  1283. || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len,
  1284. ciphertext, ciphertext_len))
  1285. || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len)))
  1286. goto err;
  1287. plaintext_len += len;
  1288. if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len))
  1289. goto err;
  1290. ret = 1;
  1291. err:
  1292. if (n != 0)
  1293. EVP_CIPHER_free(type);
  1294. OPENSSL_free(kek);
  1295. EVP_PKEY_free(keypair);
  1296. EVP_CIPHER_CTX_free(ctx);
  1297. return ret;
  1298. }
  1299. /*
  1300. * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
  1301. * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
  1302. * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
  1303. * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
  1304. * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
  1305. * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
  1306. * Test 6: Use an MD BIO to do the Update calls instead (RSA)
  1307. * Test 7: Use an MD BIO to do the Update calls instead (DSA)
  1308. * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
  1309. * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
  1310. * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
  1311. * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
  1312. * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
  1313. * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
  1314. * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
  1315. * Test 15-29: Same as above with reinitialization
  1316. */
  1317. static int test_EVP_DigestSignInit(int tst)
  1318. {
  1319. int ret = 0;
  1320. EVP_PKEY *pkey = NULL;
  1321. unsigned char *sig = NULL, *sig2 = NULL;
  1322. size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
  1323. EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
  1324. EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
  1325. BIO *mdbio = NULL, *membio = NULL;
  1326. size_t written;
  1327. const EVP_MD *md;
  1328. EVP_MD *mdexp = NULL;
  1329. int reinit = 0;
  1330. if (nullprov != NULL)
  1331. return TEST_skip("Test does not support a non-default library context");
  1332. if (tst >= 15) {
  1333. reinit = 1;
  1334. tst -= 15;
  1335. }
  1336. if (tst >= 6 && tst <= 8) {
  1337. membio = BIO_new(BIO_s_mem());
  1338. mdbio = BIO_new(BIO_f_md());
  1339. if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
  1340. goto out;
  1341. BIO_push(mdbio, membio);
  1342. if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0))
  1343. goto out;
  1344. } else {
  1345. if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new())
  1346. || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new()))
  1347. goto out;
  1348. }
  1349. if (tst % 3 == 0) {
  1350. if (!TEST_ptr(pkey = load_example_rsa_key()))
  1351. goto out;
  1352. } else if (tst % 3 == 1) {
  1353. #ifndef OPENSSL_NO_DSA
  1354. if (!TEST_ptr(pkey = load_example_dsa_key()))
  1355. goto out;
  1356. #else
  1357. ret = 1;
  1358. goto out;
  1359. #endif
  1360. } else {
  1361. if (!TEST_ptr(pkey = load_example_hmac_key()))
  1362. goto out;
  1363. }
  1364. if (tst >= 3 && tst <= 5)
  1365. md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL);
  1366. else
  1367. md = EVP_sha256();
  1368. if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
  1369. goto out;
  1370. if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL)))
  1371. goto out;
  1372. if (tst >= 6 && tst <= 8) {
  1373. if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
  1374. goto out;
  1375. } else if (tst < 6) {
  1376. if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
  1377. goto out;
  1378. }
  1379. if (tst >= 9) {
  1380. /* Determine the size of the signature. */
  1381. if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
  1382. sizeof(kMsg)))
  1383. || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
  1384. goto out;
  1385. if (tst <= 11) {
  1386. /* Test that supply a short sig buffer fails */
  1387. if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
  1388. sizeof(kMsg))))
  1389. goto out;
  1390. /*
  1391. * We end here because once EVP_DigestSign() has failed you should
  1392. * not call it again without re-initing the ctx
  1393. */
  1394. ret = 1;
  1395. goto out;
  1396. }
  1397. if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
  1398. sizeof(kMsg))))
  1399. goto out;
  1400. } else {
  1401. /* Determine the size of the signature. */
  1402. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
  1403. || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
  1404. /*
  1405. * Trying to create a signature with a deliberately short
  1406. * buffer should fail.
  1407. */
  1408. || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
  1409. || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
  1410. goto out;
  1411. }
  1412. /*
  1413. * Ensure that the signature round-trips (Verification isn't supported for
  1414. * HMAC via EVP_DigestVerify*)
  1415. */
  1416. if (tst % 3 != 2) {
  1417. if (tst >= 6 && tst <= 8) {
  1418. if (!TEST_int_gt(BIO_reset(mdbio), 0)
  1419. || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
  1420. goto out;
  1421. }
  1422. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md,
  1423. NULL, pkey)))
  1424. goto out;
  1425. if (tst >= 6 && tst <= 8) {
  1426. if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
  1427. goto out;
  1428. } else {
  1429. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg,
  1430. sizeof(kMsg))))
  1431. goto out;
  1432. }
  1433. if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
  1434. goto out;
  1435. /* Multiple calls to EVP_DigestVerifyFinal should work */
  1436. if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
  1437. goto out;
  1438. } else {
  1439. /*
  1440. * For HMAC a doubled call to DigestSignFinal should produce the same
  1441. * value as finalization should not happen.
  1442. */
  1443. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len))
  1444. || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len))
  1445. || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len)))
  1446. goto out;
  1447. if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len))
  1448. goto out;
  1449. }
  1450. ret = 1;
  1451. out:
  1452. BIO_free(membio);
  1453. BIO_free(mdbio);
  1454. EVP_MD_CTX_free(a_md_ctx);
  1455. EVP_MD_CTX_free(a_md_ctx_verify);
  1456. EVP_PKEY_free(pkey);
  1457. OPENSSL_free(sig);
  1458. OPENSSL_free(sig2);
  1459. EVP_MD_free(mdexp);
  1460. return ret;
  1461. }
  1462. static int test_EVP_DigestVerifyInit(void)
  1463. {
  1464. int ret = 0;
  1465. EVP_PKEY *pkey = NULL;
  1466. EVP_MD_CTX *md_ctx = NULL;
  1467. if (nullprov != NULL)
  1468. return TEST_skip("Test does not support a non-default library context");
  1469. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())
  1470. || !TEST_ptr(pkey = load_example_rsa_key()))
  1471. goto out;
  1472. if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))
  1473. || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1474. || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
  1475. sizeof(kSignature)), 0))
  1476. goto out;
  1477. /* test with reinitialization */
  1478. if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL))
  1479. || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1480. || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature,
  1481. sizeof(kSignature)), 0))
  1482. goto out;
  1483. ret = 1;
  1484. out:
  1485. EVP_MD_CTX_free(md_ctx);
  1486. EVP_PKEY_free(pkey);
  1487. return ret;
  1488. }
  1489. #ifndef OPENSSL_NO_SIPHASH
  1490. /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
  1491. static int test_siphash_digestsign(void)
  1492. {
  1493. unsigned char key[16];
  1494. unsigned char buf[8], digest[8];
  1495. unsigned char expected[8] = {
  1496. 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
  1497. };
  1498. EVP_PKEY *pkey = NULL;
  1499. EVP_MD_CTX *mdctx = NULL;
  1500. EVP_PKEY_CTX *ctx = NULL;
  1501. int ret = 0;
  1502. size_t len = 8;
  1503. if (nullprov != NULL)
  1504. return TEST_skip("Test does not support a non-default library context");
  1505. memset(buf, 0, 8);
  1506. memset(key, 1, 16);
  1507. if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL,
  1508. key, 16)))
  1509. goto out;
  1510. if (!TEST_ptr(mdctx = EVP_MD_CTX_create()))
  1511. goto out;
  1512. if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey)))
  1513. goto out;
  1514. if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX,
  1515. EVP_PKEY_CTRL_SET_DIGEST_SIZE,
  1516. 8, NULL), 1))
  1517. goto out;
  1518. /* reinitialize */
  1519. if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL)))
  1520. goto out;
  1521. if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8)))
  1522. goto out;
  1523. if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len)))
  1524. goto out;
  1525. if (!TEST_mem_eq(digest, len, expected, sizeof(expected)))
  1526. goto out;
  1527. ret = 1;
  1528. out:
  1529. EVP_PKEY_free(pkey);
  1530. EVP_MD_CTX_free(mdctx);
  1531. return ret;
  1532. }
  1533. #endif
  1534. /*
  1535. * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
  1536. */
  1537. static int test_EVP_Digest(void)
  1538. {
  1539. int ret = 0;
  1540. EVP_MD_CTX *md_ctx = NULL;
  1541. unsigned char md[EVP_MAX_MD_SIZE];
  1542. EVP_MD *sha256 = NULL;
  1543. EVP_MD *shake256 = NULL;
  1544. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  1545. goto out;
  1546. if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq))
  1547. || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq)))
  1548. goto out;
  1549. if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
  1550. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1551. || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL))
  1552. /* EVP_DigestFinal resets the EVP_MD_CTX. */
  1553. || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL))
  1554. goto out;
  1555. if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL))
  1556. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1557. || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL))
  1558. /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
  1559. || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
  1560. /*
  1561. * EVP_DigestInit_ex with NULL type should work on
  1562. * pre-initialized context.
  1563. */
  1564. || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
  1565. goto out;
  1566. if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL))
  1567. || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg)))
  1568. || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md)))
  1569. /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
  1570. || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx))
  1571. || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL)))
  1572. goto out;
  1573. ret = 1;
  1574. out:
  1575. EVP_MD_CTX_free(md_ctx);
  1576. EVP_MD_free(sha256);
  1577. EVP_MD_free(shake256);
  1578. return ret;
  1579. }
  1580. static int test_EVP_md_null(void)
  1581. {
  1582. int ret = 0;
  1583. EVP_MD_CTX *md_ctx = NULL;
  1584. const EVP_MD *md_null = EVP_md_null();
  1585. unsigned char md_value[EVP_MAX_MD_SIZE];
  1586. unsigned int md_len = sizeof(md_value);
  1587. if (nullprov != NULL)
  1588. return TEST_skip("Test does not support a non-default library context");
  1589. if (!TEST_ptr(md_null)
  1590. || !TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  1591. goto out;
  1592. if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL))
  1593. || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4))
  1594. || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len)))
  1595. goto out;
  1596. if (!TEST_uint_eq(md_len, 0))
  1597. goto out;
  1598. ret = 1;
  1599. out:
  1600. EVP_MD_CTX_free(md_ctx);
  1601. return ret;
  1602. }
  1603. static int test_d2i_AutoPrivateKey(int i)
  1604. {
  1605. int ret = 0;
  1606. const unsigned char *p;
  1607. EVP_PKEY *pkey = NULL;
  1608. const APK_DATA *ak = &keydata[i];
  1609. const unsigned char *input = ak->kder;
  1610. size_t input_len = ak->size;
  1611. int expected_id = ak->evptype;
  1612. p = input;
  1613. if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len))
  1614. || !TEST_ptr_eq(p, input + input_len)
  1615. || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
  1616. goto done;
  1617. ret = 1;
  1618. done:
  1619. EVP_PKEY_free(pkey);
  1620. return ret;
  1621. }
  1622. #ifndef OPENSSL_NO_EC
  1623. static const unsigned char ec_public_sect163k1_validxy[] = {
  1624. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  1625. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  1626. 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  1627. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
  1628. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  1629. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
  1630. };
  1631. static const unsigned char ec_public_sect163k1_badx[] = {
  1632. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  1633. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  1634. 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  1635. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
  1636. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  1637. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
  1638. };
  1639. static const unsigned char ec_public_sect163k1_bady[] = {
  1640. 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
  1641. 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
  1642. 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
  1643. 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
  1644. 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
  1645. 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
  1646. };
  1647. static struct ec_der_pub_keys_st {
  1648. const unsigned char *der;
  1649. size_t len;
  1650. int valid;
  1651. } ec_der_pub_keys[] = {
  1652. { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 },
  1653. { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 },
  1654. { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 },
  1655. };
  1656. /*
  1657. * Tests the range of the decoded EC char2 public point.
  1658. * See ec_GF2m_simple_oct2point().
  1659. */
  1660. static int test_invalide_ec_char2_pub_range_decode(int id)
  1661. {
  1662. int ret = 0;
  1663. EVP_PKEY *pkey;
  1664. pkey = load_example_key("EC", ec_der_pub_keys[id].der,
  1665. ec_der_pub_keys[id].len);
  1666. ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey))
  1667. || TEST_ptr_null(pkey);
  1668. EVP_PKEY_free(pkey);
  1669. return ret;
  1670. }
  1671. /* Tests loading a bad key in PKCS8 format */
  1672. static int test_EVP_PKCS82PKEY(void)
  1673. {
  1674. int ret = 0;
  1675. const unsigned char *derp = kExampleBadECKeyDER;
  1676. PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  1677. EVP_PKEY *pkey = NULL;
  1678. if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp,
  1679. sizeof(kExampleBadECKeyDER))))
  1680. goto done;
  1681. if (!TEST_ptr_eq(derp,
  1682. kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)))
  1683. goto done;
  1684. if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf)))
  1685. goto done;
  1686. ret = 1;
  1687. done:
  1688. PKCS8_PRIV_KEY_INFO_free(p8inf);
  1689. EVP_PKEY_free(pkey);
  1690. return ret;
  1691. }
  1692. #endif
  1693. static int test_EVP_PKCS82PKEY_wrong_tag(void)
  1694. {
  1695. EVP_PKEY *pkey = NULL;
  1696. EVP_PKEY *pkey2 = NULL;
  1697. BIO *membio = NULL;
  1698. char *membuf = NULL;
  1699. PKCS8_PRIV_KEY_INFO *p8inf = NULL;
  1700. int ok = 0;
  1701. if (testctx != NULL)
  1702. /* test not supported with non-default context */
  1703. return 1;
  1704. if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
  1705. || !TEST_ptr(pkey = load_example_rsa_key())
  1706. || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
  1707. NULL, 0, NULL, NULL),
  1708. 0)
  1709. || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0)
  1710. || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL))
  1711. || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf))
  1712. || !TEST_int_eq(ERR_peek_last_error(), 0)) {
  1713. goto done;
  1714. }
  1715. ok = 1;
  1716. done:
  1717. EVP_PKEY_free(pkey);
  1718. EVP_PKEY_free(pkey2);
  1719. PKCS8_PRIV_KEY_INFO_free(p8inf);
  1720. BIO_free_all(membio);
  1721. return ok;
  1722. }
  1723. /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
  1724. static int test_privatekey_to_pkcs8(void)
  1725. {
  1726. EVP_PKEY *pkey = NULL;
  1727. BIO *membio = NULL;
  1728. char *membuf = NULL;
  1729. long membuf_len = 0;
  1730. int ok = 0;
  1731. if (!TEST_ptr(membio = BIO_new(BIO_s_mem()))
  1732. || !TEST_ptr(pkey = load_example_rsa_key())
  1733. || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL,
  1734. NULL, 0, NULL, NULL),
  1735. 0)
  1736. || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0)
  1737. || !TEST_ptr(membuf)
  1738. || !TEST_mem_eq(membuf, (size_t)membuf_len,
  1739. kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8))
  1740. /*
  1741. * We try to write PEM as well, just to see that it doesn't err, but
  1742. * assume that the result is correct.
  1743. */
  1744. || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL,
  1745. NULL, 0, NULL, NULL),
  1746. 0))
  1747. goto done;
  1748. ok = 1;
  1749. done:
  1750. EVP_PKEY_free(pkey);
  1751. BIO_free_all(membio);
  1752. return ok;
  1753. }
  1754. #ifndef OPENSSL_NO_EC
  1755. static const struct {
  1756. int encoding;
  1757. const char *encoding_name;
  1758. } ec_encodings[] = {
  1759. { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT },
  1760. { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP }
  1761. };
  1762. static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg)
  1763. {
  1764. const OSSL_PARAM *p;
  1765. const char *enc_name = NULL;
  1766. int *enc = arg;
  1767. size_t i;
  1768. *enc = -1;
  1769. if (!TEST_ptr(p = OSSL_PARAM_locate_const(params,
  1770. OSSL_PKEY_PARAM_EC_ENCODING))
  1771. || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name)))
  1772. return 0;
  1773. for (i = 0; i < OSSL_NELEM(ec_encodings); i++) {
  1774. if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) {
  1775. *enc = ec_encodings[i].encoding;
  1776. break;
  1777. }
  1778. }
  1779. return (*enc != -1);
  1780. }
  1781. static int test_EC_keygen_with_enc(int idx)
  1782. {
  1783. EVP_PKEY *params = NULL, *key = NULL;
  1784. EVP_PKEY_CTX *pctx = NULL, *kctx = NULL;
  1785. int enc;
  1786. int ret = 0;
  1787. enc = ec_encodings[idx].encoding;
  1788. /* Create key parameters */
  1789. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL))
  1790. || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0)
  1791. || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0)
  1792. || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0)
  1793. || !TEST_true(EVP_PKEY_paramgen(pctx, &params))
  1794. || !TEST_ptr(params))
  1795. goto done;
  1796. /* Create key */
  1797. if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL))
  1798. || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
  1799. || !TEST_true(EVP_PKEY_keygen(kctx, &key))
  1800. || !TEST_ptr(key))
  1801. goto done;
  1802. /* Check that the encoding got all the way into the key */
  1803. if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL,
  1804. ec_export_get_encoding_cb, &enc))
  1805. || !TEST_int_eq(enc, ec_encodings[idx].encoding))
  1806. goto done;
  1807. ret = 1;
  1808. done:
  1809. EVP_PKEY_free(key);
  1810. EVP_PKEY_free(params);
  1811. EVP_PKEY_CTX_free(kctx);
  1812. EVP_PKEY_CTX_free(pctx);
  1813. return ret;
  1814. }
  1815. #endif
  1816. #if !defined(OPENSSL_NO_SM2)
  1817. static int test_EVP_SM2_verify(void)
  1818. {
  1819. const char *pubkey =
  1820. "-----BEGIN PUBLIC KEY-----\n"
  1821. "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
  1822. "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
  1823. "-----END PUBLIC KEY-----\n";
  1824. const char *msg = "message digest";
  1825. const char *id = "ALICE123@YAHOO.COM";
  1826. const uint8_t signature[] = {
  1827. 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
  1828. 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
  1829. 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
  1830. 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
  1831. 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
  1832. 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
  1833. 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
  1834. };
  1835. int rc = 0;
  1836. BIO *bio = NULL;
  1837. EVP_PKEY *pkey = NULL;
  1838. EVP_MD_CTX *mctx = NULL;
  1839. EVP_PKEY_CTX *pctx = NULL;
  1840. EVP_MD *sm3 = NULL;
  1841. bio = BIO_new_mem_buf(pubkey, strlen(pubkey));
  1842. if (!TEST_true(bio != NULL))
  1843. goto done;
  1844. pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq);
  1845. if (!TEST_true(pkey != NULL))
  1846. goto done;
  1847. if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2")))
  1848. goto done;
  1849. if (!TEST_ptr(mctx = EVP_MD_CTX_new()))
  1850. goto done;
  1851. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
  1852. goto done;
  1853. EVP_MD_CTX_set_pkey_ctx(mctx, pctx);
  1854. if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq)))
  1855. goto done;
  1856. if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey)))
  1857. goto done;
  1858. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0))
  1859. goto done;
  1860. if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg))))
  1861. goto done;
  1862. if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0))
  1863. goto done;
  1864. rc = 1;
  1865. done:
  1866. BIO_free(bio);
  1867. EVP_PKEY_free(pkey);
  1868. EVP_PKEY_CTX_free(pctx);
  1869. EVP_MD_CTX_free(mctx);
  1870. EVP_MD_free(sm3);
  1871. return rc;
  1872. }
  1873. static int test_EVP_SM2(void)
  1874. {
  1875. int ret = 0;
  1876. EVP_PKEY *pkey = NULL;
  1877. EVP_PKEY *pkeyparams = NULL;
  1878. EVP_PKEY_CTX *pctx = NULL;
  1879. EVP_PKEY_CTX *kctx = NULL;
  1880. EVP_PKEY_CTX *sctx = NULL;
  1881. size_t sig_len = 0;
  1882. unsigned char *sig = NULL;
  1883. EVP_MD_CTX *md_ctx = NULL;
  1884. EVP_MD_CTX *md_ctx_verify = NULL;
  1885. EVP_PKEY_CTX *cctx = NULL;
  1886. EVP_MD *check_md = NULL;
  1887. uint8_t ciphertext[128];
  1888. size_t ctext_len = sizeof(ciphertext);
  1889. uint8_t plaintext[8];
  1890. size_t ptext_len = sizeof(plaintext);
  1891. uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
  1892. OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
  1893. OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END};
  1894. int i;
  1895. char mdname[OSSL_MAX_NAME_SIZE];
  1896. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx,
  1897. "SM2", testpropq)))
  1898. goto done;
  1899. if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1))
  1900. goto done;
  1901. if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0))
  1902. goto done;
  1903. if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams)))
  1904. goto done;
  1905. if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx,
  1906. pkeyparams, testpropq)))
  1907. goto done;
  1908. if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0))
  1909. goto done;
  1910. if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey)))
  1911. goto done;
  1912. if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()))
  1913. goto done;
  1914. if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new()))
  1915. goto done;
  1916. if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
  1917. goto done;
  1918. EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx);
  1919. EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx);
  1920. if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq)))
  1921. goto done;
  1922. if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey)))
  1923. goto done;
  1924. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
  1925. goto done;
  1926. if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
  1927. goto done;
  1928. /* Determine the size of the signature. */
  1929. if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)))
  1930. goto done;
  1931. if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)))
  1932. goto done;
  1933. if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
  1934. goto done;
  1935. /* Ensure that the signature round-trips. */
  1936. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
  1937. pkey)))
  1938. goto done;
  1939. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0))
  1940. goto done;
  1941. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
  1942. goto done;
  1943. if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
  1944. goto done;
  1945. /*
  1946. * Try verify again with non-matching 0 length id but ensure that it can
  1947. * be set on the context and overrides the previous value.
  1948. */
  1949. if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL,
  1950. pkey)))
  1951. goto done;
  1952. if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0))
  1953. goto done;
  1954. if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg))))
  1955. goto done;
  1956. if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0))
  1957. goto done;
  1958. /* now check encryption/decryption */
  1959. gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
  1960. mdname, sizeof(mdname));
  1961. for (i = 0; i < 2; i++) {
  1962. const char *mdnames[] = {
  1963. #ifndef OPENSSL_NO_SM3
  1964. "SM3",
  1965. #else
  1966. NULL,
  1967. #endif
  1968. "SHA2-256" };
  1969. EVP_PKEY_CTX_free(cctx);
  1970. if (mdnames[i] == NULL)
  1971. continue;
  1972. sparams[0] =
  1973. OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST,
  1974. (char *)mdnames[i], 0);
  1975. if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx,
  1976. pkey, testpropq)))
  1977. goto done;
  1978. if (!TEST_true(EVP_PKEY_encrypt_init(cctx)))
  1979. goto done;
  1980. if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
  1981. goto done;
  1982. if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg,
  1983. sizeof(kMsg))))
  1984. goto done;
  1985. if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0))
  1986. goto done;
  1987. if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams)))
  1988. goto done;
  1989. if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext,
  1990. ctext_len), 0))
  1991. goto done;
  1992. if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams)))
  1993. goto done;
  1994. /*
  1995. * Test we're still using the digest we think we are.
  1996. * Because of aliases, the easiest is to fetch the digest and
  1997. * check the name with EVP_MD_is_a().
  1998. */
  1999. EVP_MD_free(check_md);
  2000. if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq)))
  2001. goto done;
  2002. if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) {
  2003. TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]);
  2004. goto done;
  2005. }
  2006. if (!TEST_true(ptext_len == sizeof(kMsg)))
  2007. goto done;
  2008. if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0))
  2009. goto done;
  2010. }
  2011. ret = 1;
  2012. done:
  2013. EVP_PKEY_CTX_free(pctx);
  2014. EVP_PKEY_CTX_free(kctx);
  2015. EVP_PKEY_CTX_free(sctx);
  2016. EVP_PKEY_CTX_free(cctx);
  2017. EVP_PKEY_free(pkey);
  2018. EVP_PKEY_free(pkeyparams);
  2019. EVP_MD_CTX_free(md_ctx);
  2020. EVP_MD_CTX_free(md_ctx_verify);
  2021. EVP_MD_free(check_md);
  2022. OPENSSL_free(sig);
  2023. return ret;
  2024. }
  2025. #endif
  2026. static struct keys_st {
  2027. int type;
  2028. char *priv;
  2029. char *pub;
  2030. } keys[] = {
  2031. {
  2032. EVP_PKEY_HMAC, "0123456789", NULL
  2033. },
  2034. {
  2035. EVP_PKEY_HMAC, "", NULL
  2036. #ifndef OPENSSL_NO_POLY1305
  2037. }, {
  2038. EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
  2039. #endif
  2040. #ifndef OPENSSL_NO_SIPHASH
  2041. }, {
  2042. EVP_PKEY_SIPHASH, "0123456789012345", NULL
  2043. #endif
  2044. },
  2045. #ifndef OPENSSL_NO_ECX
  2046. {
  2047. EVP_PKEY_X25519, "01234567890123456789012345678901",
  2048. "abcdefghijklmnopqrstuvwxyzabcdef"
  2049. }, {
  2050. EVP_PKEY_ED25519, "01234567890123456789012345678901",
  2051. "abcdefghijklmnopqrstuvwxyzabcdef"
  2052. }, {
  2053. EVP_PKEY_X448,
  2054. "01234567890123456789012345678901234567890123456789012345",
  2055. "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
  2056. }, {
  2057. EVP_PKEY_ED448,
  2058. "012345678901234567890123456789012345678901234567890123456",
  2059. "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
  2060. }
  2061. #endif
  2062. };
  2063. static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
  2064. {
  2065. int ret = 0;
  2066. unsigned char buf[80];
  2067. unsigned char *in;
  2068. size_t inlen, len = 0, shortlen = 1;
  2069. EVP_PKEY *pkey;
  2070. /* Check if this algorithm supports public keys */
  2071. if (pub && keys[tst].pub == NULL)
  2072. return 1;
  2073. memset(buf, 0, sizeof(buf));
  2074. if (pub) {
  2075. #ifndef OPENSSL_NO_EC
  2076. inlen = strlen(keys[tst].pub);
  2077. in = (unsigned char *)keys[tst].pub;
  2078. if (uselibctx) {
  2079. pkey = EVP_PKEY_new_raw_public_key_ex(
  2080. testctx,
  2081. OBJ_nid2sn(keys[tst].type),
  2082. NULL,
  2083. in,
  2084. inlen);
  2085. } else {
  2086. pkey = EVP_PKEY_new_raw_public_key(keys[tst].type,
  2087. NULL,
  2088. in,
  2089. inlen);
  2090. }
  2091. #else
  2092. return 1;
  2093. #endif
  2094. } else {
  2095. inlen = strlen(keys[tst].priv);
  2096. in = (unsigned char *)keys[tst].priv;
  2097. if (uselibctx) {
  2098. pkey = EVP_PKEY_new_raw_private_key_ex(
  2099. testctx, OBJ_nid2sn(keys[tst].type),
  2100. NULL,
  2101. in,
  2102. inlen);
  2103. } else {
  2104. pkey = EVP_PKEY_new_raw_private_key(keys[tst].type,
  2105. NULL,
  2106. in,
  2107. inlen);
  2108. }
  2109. }
  2110. if (!TEST_ptr(pkey)
  2111. || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
  2112. || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
  2113. || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
  2114. || !TEST_true(len == inlen))
  2115. goto done;
  2116. if (tst != 1) {
  2117. /*
  2118. * Test that supplying a buffer that is too small fails. Doesn't apply
  2119. * to HMAC with a zero length key
  2120. */
  2121. if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
  2122. &shortlen)))
  2123. || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
  2124. &shortlen))))
  2125. goto done;
  2126. }
  2127. if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
  2128. || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
  2129. || !TEST_mem_eq(in, inlen, buf, len))
  2130. goto done;
  2131. ret = 1;
  2132. done:
  2133. EVP_PKEY_free(pkey);
  2134. return ret;
  2135. }
  2136. static int test_set_get_raw_keys(int tst)
  2137. {
  2138. return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0))
  2139. && test_set_get_raw_keys_int(tst, 0, 1)
  2140. && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0))
  2141. && test_set_get_raw_keys_int(tst, 1, 1);
  2142. }
  2143. #ifndef OPENSSL_NO_DEPRECATED_3_0
  2144. static int pkey_custom_check(EVP_PKEY *pkey)
  2145. {
  2146. return 0xbeef;
  2147. }
  2148. static int pkey_custom_pub_check(EVP_PKEY *pkey)
  2149. {
  2150. return 0xbeef;
  2151. }
  2152. static int pkey_custom_param_check(EVP_PKEY *pkey)
  2153. {
  2154. return 0xbeef;
  2155. }
  2156. static EVP_PKEY_METHOD *custom_pmeth;
  2157. #endif
  2158. static int test_EVP_PKEY_check(int i)
  2159. {
  2160. int ret = 0;
  2161. EVP_PKEY *pkey = NULL;
  2162. EVP_PKEY_CTX *ctx = NULL;
  2163. #ifndef OPENSSL_NO_DEPRECATED_3_0
  2164. EVP_PKEY_CTX *ctx2 = NULL;
  2165. #endif
  2166. const APK_DATA *ak = &keycheckdata[i];
  2167. const unsigned char *input = ak->kder;
  2168. size_t input_len = ak->size;
  2169. int expected_id = ak->evptype;
  2170. int expected_check = ak->check;
  2171. int expected_pub_check = ak->pub_check;
  2172. int expected_param_check = ak->param_check;
  2173. int type = ak->type;
  2174. if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len)))
  2175. goto done;
  2176. if (type == 0
  2177. && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id))
  2178. goto done;
  2179. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq)))
  2180. goto done;
  2181. if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check))
  2182. goto done;
  2183. if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check))
  2184. goto done;
  2185. if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check))
  2186. goto done;
  2187. #ifndef OPENSSL_NO_DEPRECATED_3_0
  2188. ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL);
  2189. /* assign the pkey directly, as an internal test */
  2190. EVP_PKEY_up_ref(pkey);
  2191. ctx2->pkey = pkey;
  2192. if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef))
  2193. goto done;
  2194. if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef))
  2195. goto done;
  2196. if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef))
  2197. goto done;
  2198. #endif
  2199. ret = 1;
  2200. done:
  2201. EVP_PKEY_CTX_free(ctx);
  2202. #ifndef OPENSSL_NO_DEPRECATED_3_0
  2203. EVP_PKEY_CTX_free(ctx2);
  2204. #endif
  2205. EVP_PKEY_free(pkey);
  2206. return ret;
  2207. }
  2208. #ifndef OPENSSL_NO_CMAC
  2209. static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
  2210. {
  2211. EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
  2212. const char msg[] = "Hello World";
  2213. size_t maclen = AES_BLOCK_SIZE;
  2214. int ret = 1;
  2215. if (!TEST_ptr(mdctx)
  2216. || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx,
  2217. testpropq, pkey, NULL))
  2218. || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg)))
  2219. || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen))
  2220. || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE))
  2221. ret = 0;
  2222. EVP_MD_CTX_free(mdctx);
  2223. return ret;
  2224. }
  2225. static int test_CMAC_keygen(void)
  2226. {
  2227. static unsigned char key[] = {
  2228. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  2229. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  2230. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  2231. };
  2232. EVP_PKEY_CTX *kctx = NULL;
  2233. int ret = 0;
  2234. EVP_PKEY *pkey = NULL;
  2235. unsigned char mac[AES_BLOCK_SIZE];
  2236. # if !defined(OPENSSL_NO_DEPRECATED_3_0)
  2237. unsigned char mac2[AES_BLOCK_SIZE];
  2238. # endif
  2239. if (nullprov != NULL)
  2240. return TEST_skip("Test does not support a non-default library context");
  2241. /*
  2242. * This is a legacy method for CMACs, but should still work.
  2243. * This verifies that it works without an ENGINE.
  2244. */
  2245. kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL);
  2246. /* Test a CMAC key created using the "generated" method */
  2247. if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)
  2248. || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
  2249. EVP_PKEY_CTRL_CIPHER,
  2250. 0, (void *)EVP_aes_256_cbc()), 0)
  2251. || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN,
  2252. EVP_PKEY_CTRL_SET_MAC_KEY,
  2253. sizeof(key), (void *)key), 0)
  2254. || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0)
  2255. || !TEST_ptr(pkey)
  2256. || !TEST_true(get_cmac_val(pkey, mac)))
  2257. goto done;
  2258. # if !defined(OPENSSL_NO_DEPRECATED_3_0)
  2259. EVP_PKEY_free(pkey);
  2260. /*
  2261. * Test a CMAC key using the direct method, and compare with the mac
  2262. * created above.
  2263. */
  2264. pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_cbc());
  2265. if (!TEST_ptr(pkey)
  2266. || !TEST_true(get_cmac_val(pkey, mac2))
  2267. || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2)))
  2268. goto done;
  2269. # endif
  2270. ret = 1;
  2271. done:
  2272. EVP_PKEY_free(pkey);
  2273. EVP_PKEY_CTX_free(kctx);
  2274. return ret;
  2275. }
  2276. #endif
  2277. static int test_HKDF(void)
  2278. {
  2279. EVP_PKEY_CTX *pctx;
  2280. unsigned char out[20];
  2281. size_t outlen;
  2282. int i, ret = 0;
  2283. unsigned char salt[] = "0123456789";
  2284. unsigned char key[] = "012345678901234567890123456789";
  2285. unsigned char info[] = "infostring";
  2286. const unsigned char expected[] = {
  2287. 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
  2288. 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
  2289. };
  2290. size_t expectedlen = sizeof(expected);
  2291. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
  2292. goto done;
  2293. /* We do this twice to test reuse of the EVP_PKEY_CTX */
  2294. for (i = 0; i < 2; i++) {
  2295. outlen = sizeof(out);
  2296. memset(out, 0, outlen);
  2297. if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
  2298. || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
  2299. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
  2300. sizeof(salt) - 1), 0)
  2301. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
  2302. sizeof(key) - 1), 0)
  2303. || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
  2304. sizeof(info) - 1), 0)
  2305. || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
  2306. || !TEST_mem_eq(out, outlen, expected, expectedlen))
  2307. goto done;
  2308. }
  2309. ret = 1;
  2310. done:
  2311. EVP_PKEY_CTX_free(pctx);
  2312. return ret;
  2313. }
  2314. static int test_emptyikm_HKDF(void)
  2315. {
  2316. EVP_PKEY_CTX *pctx;
  2317. unsigned char out[20];
  2318. size_t outlen;
  2319. int ret = 0;
  2320. unsigned char salt[] = "9876543210";
  2321. unsigned char key[] = "";
  2322. unsigned char info[] = "stringinfo";
  2323. const unsigned char expected[] = {
  2324. 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
  2325. 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
  2326. };
  2327. size_t expectedlen = sizeof(expected);
  2328. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq)))
  2329. goto done;
  2330. outlen = sizeof(out);
  2331. memset(out, 0, outlen);
  2332. if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0)
  2333. || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0)
  2334. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt,
  2335. sizeof(salt) - 1), 0)
  2336. || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key,
  2337. sizeof(key) - 1), 0)
  2338. || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info,
  2339. sizeof(info) - 1), 0)
  2340. || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0)
  2341. || !TEST_mem_eq(out, outlen, expected, expectedlen))
  2342. goto done;
  2343. ret = 1;
  2344. done:
  2345. EVP_PKEY_CTX_free(pctx);
  2346. return ret;
  2347. }
  2348. #ifndef OPENSSL_NO_EC
  2349. static int test_X509_PUBKEY_inplace(void)
  2350. {
  2351. int ret = 0;
  2352. X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq);
  2353. const unsigned char *p = kExampleECPubKeyDER;
  2354. size_t input_len = sizeof(kExampleECPubKeyDER);
  2355. if (!TEST_ptr(xp))
  2356. goto done;
  2357. if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)))
  2358. goto done;
  2359. if (!TEST_ptr(X509_PUBKEY_get0(xp)))
  2360. goto done;
  2361. p = kExampleBadECPubKeyDER;
  2362. input_len = sizeof(kExampleBadECPubKeyDER);
  2363. if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)))
  2364. goto done;
  2365. if (!TEST_true(X509_PUBKEY_get0(xp) == NULL))
  2366. goto done;
  2367. ret = 1;
  2368. done:
  2369. X509_PUBKEY_free(xp);
  2370. return ret;
  2371. }
  2372. static int test_X509_PUBKEY_dup(void)
  2373. {
  2374. int ret = 0;
  2375. X509_PUBKEY *xp = NULL, *xq = NULL;
  2376. const unsigned char *p = kExampleECPubKeyDER;
  2377. size_t input_len = sizeof(kExampleECPubKeyDER);
  2378. xp = X509_PUBKEY_new_ex(testctx, testpropq);
  2379. if (!TEST_ptr(xp)
  2380. || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))
  2381. || !TEST_ptr(xq = X509_PUBKEY_dup(xp))
  2382. || !TEST_ptr_ne(xp, xq))
  2383. goto done;
  2384. if (!TEST_ptr(X509_PUBKEY_get0(xq))
  2385. || !TEST_ptr(X509_PUBKEY_get0(xp))
  2386. || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp)))
  2387. goto done;
  2388. X509_PUBKEY_free(xq);
  2389. xq = NULL;
  2390. p = kExampleBadECPubKeyDER;
  2391. input_len = sizeof(kExampleBadECPubKeyDER);
  2392. if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))
  2393. || !TEST_ptr(xq = X509_PUBKEY_dup(xp)))
  2394. goto done;
  2395. X509_PUBKEY_free(xp);
  2396. xp = NULL;
  2397. if (!TEST_true(X509_PUBKEY_get0(xq) == NULL))
  2398. goto done;
  2399. ret = 1;
  2400. done:
  2401. X509_PUBKEY_free(xp);
  2402. X509_PUBKEY_free(xq);
  2403. return ret;
  2404. }
  2405. #endif /* OPENSSL_NO_EC */
  2406. /* Test getting and setting parameters on an EVP_PKEY_CTX */
  2407. static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey)
  2408. {
  2409. EVP_MD_CTX *mdctx = NULL;
  2410. EVP_PKEY_CTX *ctx = NULL;
  2411. const OSSL_PARAM *params;
  2412. OSSL_PARAM ourparams[2], *param = ourparams, *param_md;
  2413. int ret = 0;
  2414. const EVP_MD *md;
  2415. char mdname[OSSL_MAX_NAME_SIZE];
  2416. char ssl3ms[48];
  2417. /* Initialise a sign operation */
  2418. ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq);
  2419. if (!TEST_ptr(ctx)
  2420. || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0))
  2421. goto err;
  2422. /*
  2423. * We should be able to query the parameters now.
  2424. */
  2425. params = EVP_PKEY_CTX_settable_params(ctx);
  2426. if (!TEST_ptr(params)
  2427. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  2428. OSSL_SIGNATURE_PARAM_DIGEST)))
  2429. goto err;
  2430. params = EVP_PKEY_CTX_gettable_params(ctx);
  2431. if (!TEST_ptr(params)
  2432. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  2433. OSSL_SIGNATURE_PARAM_ALGORITHM_ID))
  2434. || !TEST_ptr(OSSL_PARAM_locate_const(params,
  2435. OSSL_SIGNATURE_PARAM_DIGEST)))
  2436. goto err;
  2437. /*
  2438. * Test getting and setting params via EVP_PKEY_CTX_set_params() and
  2439. * EVP_PKEY_CTX_get_params()
  2440. */
  2441. strcpy(mdname, "SHA512");
  2442. param_md = param;
  2443. *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  2444. mdname, 0);
  2445. *param++ = OSSL_PARAM_construct_end();
  2446. if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams)))
  2447. goto err;
  2448. mdname[0] = '\0';
  2449. *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST,
  2450. mdname, sizeof(mdname));
  2451. if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams))
  2452. || !TEST_str_eq(mdname, "SHA512"))
  2453. goto err;
  2454. /*
  2455. * Test the TEST_PKEY_CTX_set_signature_md() and
  2456. * TEST_PKEY_CTX_get_signature_md() functions
  2457. */
  2458. if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0)
  2459. || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0)
  2460. || !TEST_ptr_eq(md, EVP_sha256()))
  2461. goto err;
  2462. /*
  2463. * Test getting MD parameters via an associated EVP_PKEY_CTX
  2464. */
  2465. mdctx = EVP_MD_CTX_new();
  2466. if (!TEST_ptr(mdctx)
  2467. || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq,
  2468. pkey, NULL)))
  2469. goto err;
  2470. /*
  2471. * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
  2472. * able to obtain the digest's settable parameters from the provider.
  2473. */
  2474. params = EVP_MD_CTX_settable_params(mdctx);
  2475. if (!TEST_ptr(params)
  2476. || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0)
  2477. /* The final key should be NULL */
  2478. || !TEST_ptr_null(params[1].key))
  2479. goto err;
  2480. param = ourparams;
  2481. memset(ssl3ms, 0, sizeof(ssl3ms));
  2482. *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS,
  2483. ssl3ms, sizeof(ssl3ms));
  2484. *param++ = OSSL_PARAM_construct_end();
  2485. if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams)))
  2486. goto err;
  2487. ret = 1;
  2488. err:
  2489. EVP_MD_CTX_free(mdctx);
  2490. EVP_PKEY_CTX_free(ctx);
  2491. return ret;
  2492. }
  2493. #ifndef OPENSSL_NO_DSA
  2494. static int test_DSA_get_set_params(void)
  2495. {
  2496. OSSL_PARAM_BLD *bld = NULL;
  2497. OSSL_PARAM *params = NULL;
  2498. BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL;
  2499. EVP_PKEY_CTX *pctx = NULL;
  2500. EVP_PKEY *pkey = NULL;
  2501. int ret = 0;
  2502. /*
  2503. * Setup the parameters for our DSA object. For our purposes they don't
  2504. * have to actually be *valid* parameters. We just need to set something.
  2505. */
  2506. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL))
  2507. || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
  2508. || !TEST_ptr(p = BN_new())
  2509. || !TEST_ptr(q = BN_new())
  2510. || !TEST_ptr(g = BN_new())
  2511. || !TEST_ptr(pub = BN_new())
  2512. || !TEST_ptr(priv = BN_new()))
  2513. goto err;
  2514. if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p))
  2515. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q))
  2516. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))
  2517. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY,
  2518. pub))
  2519. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY,
  2520. priv)))
  2521. goto err;
  2522. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
  2523. goto err;
  2524. if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
  2525. || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
  2526. params), 0))
  2527. goto err;
  2528. if (!TEST_ptr(pkey))
  2529. goto err;
  2530. ret = test_EVP_PKEY_CTX_get_set_params(pkey);
  2531. err:
  2532. EVP_PKEY_free(pkey);
  2533. EVP_PKEY_CTX_free(pctx);
  2534. OSSL_PARAM_free(params);
  2535. OSSL_PARAM_BLD_free(bld);
  2536. BN_free(p);
  2537. BN_free(q);
  2538. BN_free(g);
  2539. BN_free(pub);
  2540. BN_free(priv);
  2541. return ret;
  2542. }
  2543. /*
  2544. * Test combinations of private, public, missing and private + public key
  2545. * params to ensure they are all accepted
  2546. */
  2547. static int test_DSA_priv_pub(void)
  2548. {
  2549. return test_EVP_PKEY_ffc_priv_pub("DSA");
  2550. }
  2551. #endif /* !OPENSSL_NO_DSA */
  2552. static int test_RSA_get_set_params(void)
  2553. {
  2554. OSSL_PARAM_BLD *bld = NULL;
  2555. OSSL_PARAM *params = NULL;
  2556. BIGNUM *n = NULL, *e = NULL, *d = NULL;
  2557. EVP_PKEY_CTX *pctx = NULL;
  2558. EVP_PKEY *pkey = NULL;
  2559. int ret = 0;
  2560. /*
  2561. * Setup the parameters for our RSA object. For our purposes they don't
  2562. * have to actually be *valid* parameters. We just need to set something.
  2563. */
  2564. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL))
  2565. || !TEST_ptr(bld = OSSL_PARAM_BLD_new())
  2566. || !TEST_ptr(n = BN_new())
  2567. || !TEST_ptr(e = BN_new())
  2568. || !TEST_ptr(d = BN_new()))
  2569. goto err;
  2570. if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n))
  2571. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e))
  2572. || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d)))
  2573. goto err;
  2574. if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)))
  2575. goto err;
  2576. if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0)
  2577. || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR,
  2578. params), 0))
  2579. goto err;
  2580. if (!TEST_ptr(pkey))
  2581. goto err;
  2582. ret = test_EVP_PKEY_CTX_get_set_params(pkey);
  2583. err:
  2584. EVP_PKEY_free(pkey);
  2585. EVP_PKEY_CTX_free(pctx);
  2586. OSSL_PARAM_free(params);
  2587. OSSL_PARAM_BLD_free(bld);
  2588. BN_free(n);
  2589. BN_free(e);
  2590. BN_free(d);
  2591. return ret;
  2592. }
  2593. static int test_RSA_OAEP_set_get_params(void)
  2594. {
  2595. int ret = 0;
  2596. EVP_PKEY *key = NULL;
  2597. EVP_PKEY_CTX *key_ctx = NULL;
  2598. if (nullprov != NULL)
  2599. return TEST_skip("Test does not support a non-default library context");
  2600. if (!TEST_ptr(key = load_example_rsa_key())
  2601. || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0)))
  2602. goto err;
  2603. {
  2604. int padding = RSA_PKCS1_OAEP_PADDING;
  2605. OSSL_PARAM params[4];
  2606. params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding);
  2607. params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
  2608. OSSL_DIGEST_NAME_SHA2_256, 0);
  2609. params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
  2610. OSSL_DIGEST_NAME_SHA1, 0);
  2611. params[3] = OSSL_PARAM_construct_end();
  2612. if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0))
  2613. goto err;
  2614. }
  2615. {
  2616. OSSL_PARAM params[3];
  2617. char oaepmd[30] = { '\0' };
  2618. char mgf1md[30] = { '\0' };
  2619. params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST,
  2620. oaepmd, sizeof(oaepmd));
  2621. params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST,
  2622. mgf1md, sizeof(mgf1md));
  2623. params[2] = OSSL_PARAM_construct_end();
  2624. if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params)))
  2625. goto err;
  2626. if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256)
  2627. || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1))
  2628. goto err;
  2629. }
  2630. ret = 1;
  2631. err:
  2632. EVP_PKEY_free(key);
  2633. EVP_PKEY_CTX_free(key_ctx);
  2634. return ret;
  2635. }
  2636. /* https://github.com/openssl/openssl/issues/21288 */
  2637. static int test_RSA_OAEP_set_null_label(void)
  2638. {
  2639. int ret = 0;
  2640. EVP_PKEY *key = NULL;
  2641. EVP_PKEY_CTX *key_ctx = NULL;
  2642. if (!TEST_ptr(key = load_example_rsa_key())
  2643. || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL))
  2644. || !TEST_true(EVP_PKEY_encrypt_init(key_ctx)))
  2645. goto err;
  2646. if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING)))
  2647. goto err;
  2648. if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0)))
  2649. goto err;
  2650. if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0)))
  2651. goto err;
  2652. ret = 1;
  2653. err:
  2654. EVP_PKEY_free(key);
  2655. EVP_PKEY_CTX_free(key_ctx);
  2656. return ret;
  2657. }
  2658. #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  2659. static int test_decrypt_null_chunks(void)
  2660. {
  2661. EVP_CIPHER_CTX* ctx = NULL;
  2662. EVP_CIPHER *cipher = NULL;
  2663. const unsigned char key[32] = {
  2664. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  2665. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  2666. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
  2667. };
  2668. unsigned char iv[12] = {
  2669. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
  2670. };
  2671. unsigned char msg[] = "It was the best of times, it was the worst of times";
  2672. unsigned char ciphertext[80];
  2673. unsigned char plaintext[80];
  2674. /* We initialise tmp to a non zero value on purpose */
  2675. int ctlen, ptlen, tmp = 99;
  2676. int ret = 0;
  2677. const int enc_offset = 10, dec_offset = 20;
  2678. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq))
  2679. || !TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  2680. || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL,
  2681. key, iv))
  2682. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg,
  2683. enc_offset))
  2684. /* Deliberate add a zero length update */
  2685. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL,
  2686. 0))
  2687. || !TEST_int_eq(tmp, 0)
  2688. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp,
  2689. msg + enc_offset,
  2690. sizeof(msg) - enc_offset))
  2691. || !TEST_int_eq(ctlen += tmp, sizeof(msg))
  2692. || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp))
  2693. || !TEST_int_eq(tmp, 0))
  2694. goto err;
  2695. /* Deliberately initialise tmp to a non zero value */
  2696. tmp = 99;
  2697. if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv))
  2698. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext,
  2699. dec_offset))
  2700. /*
  2701. * Deliberately add a zero length update. We also deliberately do
  2702. * this at a different offset than for encryption.
  2703. */
  2704. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL,
  2705. 0))
  2706. || !TEST_int_eq(tmp, 0)
  2707. || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp,
  2708. ciphertext + dec_offset,
  2709. ctlen - dec_offset))
  2710. || !TEST_int_eq(ptlen += tmp, sizeof(msg))
  2711. || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp))
  2712. || !TEST_int_eq(tmp, 0)
  2713. || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen))
  2714. goto err;
  2715. ret = 1;
  2716. err:
  2717. EVP_CIPHER_CTX_free(ctx);
  2718. EVP_CIPHER_free(cipher);
  2719. return ret;
  2720. }
  2721. #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
  2722. #ifndef OPENSSL_NO_DH
  2723. /*
  2724. * Test combinations of private, public, missing and private + public key
  2725. * params to ensure they are all accepted
  2726. */
  2727. static int test_DH_priv_pub(void)
  2728. {
  2729. return test_EVP_PKEY_ffc_priv_pub("DH");
  2730. }
  2731. # ifndef OPENSSL_NO_DEPRECATED_3_0
  2732. static int test_EVP_PKEY_set1_DH(void)
  2733. {
  2734. DH *x942dh = NULL, *noqdh = NULL;
  2735. EVP_PKEY *pkey1 = NULL, *pkey2 = NULL;
  2736. int ret = 0;
  2737. BIGNUM *p, *g = NULL;
  2738. BIGNUM *pubkey = NULL;
  2739. unsigned char pub[2048 / 8];
  2740. size_t len = 0;
  2741. if (!TEST_ptr(p = BN_new())
  2742. || !TEST_ptr(g = BN_new())
  2743. || !TEST_ptr(pubkey = BN_new())
  2744. || !TEST_true(BN_set_word(p, 9999))
  2745. || !TEST_true(BN_set_word(g, 2))
  2746. || !TEST_true(BN_set_word(pubkey, 4321))
  2747. || !TEST_ptr(noqdh = DH_new())
  2748. || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g))
  2749. || !TEST_true(DH_set0_key(noqdh, pubkey, NULL))
  2750. || !TEST_ptr(pubkey = BN_new())
  2751. || !TEST_true(BN_set_word(pubkey, 4321)))
  2752. goto err;
  2753. p = g = NULL;
  2754. x942dh = DH_get_2048_256();
  2755. pkey1 = EVP_PKEY_new();
  2756. pkey2 = EVP_PKEY_new();
  2757. if (!TEST_ptr(x942dh)
  2758. || !TEST_ptr(noqdh)
  2759. || !TEST_ptr(pkey1)
  2760. || !TEST_ptr(pkey2)
  2761. || !TEST_true(DH_set0_key(x942dh, pubkey, NULL)))
  2762. goto err;
  2763. pubkey = NULL;
  2764. if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh))
  2765. || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX))
  2766. goto err;
  2767. if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY,
  2768. &pubkey))
  2769. || !TEST_ptr(pubkey))
  2770. goto err;
  2771. if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh))
  2772. || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH))
  2773. goto err;
  2774. if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2,
  2775. OSSL_PKEY_PARAM_PUB_KEY,
  2776. pub, sizeof(pub), &len))
  2777. || !TEST_size_t_ne(len, 0))
  2778. goto err;
  2779. ret = 1;
  2780. err:
  2781. BN_free(p);
  2782. BN_free(g);
  2783. BN_free(pubkey);
  2784. EVP_PKEY_free(pkey1);
  2785. EVP_PKEY_free(pkey2);
  2786. DH_free(x942dh);
  2787. DH_free(noqdh);
  2788. return ret;
  2789. }
  2790. # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
  2791. #endif /* !OPENSSL_NO_DH */
  2792. /*
  2793. * We test what happens with an empty template. For the sake of this test,
  2794. * the template must be ignored, and we know that's the case for RSA keys
  2795. * (this might arguably be a misfeature, but that's what we currently do,
  2796. * even in provider code, since that's how the legacy RSA implementation
  2797. * does things)
  2798. */
  2799. static int test_keygen_with_empty_template(int n)
  2800. {
  2801. EVP_PKEY_CTX *ctx = NULL;
  2802. EVP_PKEY *pkey = NULL;
  2803. EVP_PKEY *tkey = NULL;
  2804. int ret = 0;
  2805. if (nullprov != NULL)
  2806. return TEST_skip("Test does not support a non-default library context");
  2807. switch (n) {
  2808. case 0:
  2809. /* We do test with no template at all as well */
  2810. if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)))
  2811. goto err;
  2812. break;
  2813. case 1:
  2814. /* Here we create an empty RSA key that serves as our template */
  2815. if (!TEST_ptr(tkey = EVP_PKEY_new())
  2816. || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA))
  2817. || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL)))
  2818. goto err;
  2819. break;
  2820. }
  2821. if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  2822. || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0))
  2823. goto err;
  2824. ret = 1;
  2825. err:
  2826. EVP_PKEY_CTX_free(ctx);
  2827. EVP_PKEY_free(pkey);
  2828. EVP_PKEY_free(tkey);
  2829. return ret;
  2830. }
  2831. /*
  2832. * Test that we fail if we attempt to use an algorithm that is not available
  2833. * in the current library context (unless we are using an algorithm that
  2834. * should be made available via legacy codepaths).
  2835. *
  2836. * 0: RSA
  2837. * 1: SM2
  2838. */
  2839. static int test_pkey_ctx_fail_without_provider(int tst)
  2840. {
  2841. OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new();
  2842. OSSL_PROVIDER *tmpnullprov = NULL;
  2843. EVP_PKEY_CTX *pctx = NULL;
  2844. const char *keytype = NULL;
  2845. int expect_null = 0;
  2846. int ret = 0;
  2847. if (!TEST_ptr(tmpctx))
  2848. goto err;
  2849. tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null");
  2850. if (!TEST_ptr(tmpnullprov))
  2851. goto err;
  2852. /*
  2853. * We check for certain algos in the null provider.
  2854. * If an algo is expected to have a provider keymgmt, constructing an
  2855. * EVP_PKEY_CTX is expected to fail (return NULL).
  2856. * Otherwise, if it's expected to have legacy support, constructing an
  2857. * EVP_PKEY_CTX is expected to succeed (return non-NULL).
  2858. */
  2859. switch (tst) {
  2860. case 0:
  2861. keytype = "RSA";
  2862. expect_null = 1;
  2863. break;
  2864. case 1:
  2865. keytype = "SM2";
  2866. expect_null = 1;
  2867. #ifdef OPENSSL_NO_EC
  2868. TEST_info("EC disable, skipping SM2 check...");
  2869. goto end;
  2870. #endif
  2871. #ifdef OPENSSL_NO_SM2
  2872. TEST_info("SM2 disable, skipping SM2 check...");
  2873. goto end;
  2874. #endif
  2875. break;
  2876. default:
  2877. TEST_error("No test for case %d", tst);
  2878. goto err;
  2879. }
  2880. pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, "");
  2881. if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx))
  2882. goto err;
  2883. #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
  2884. end:
  2885. #endif
  2886. ret = 1;
  2887. err:
  2888. EVP_PKEY_CTX_free(pctx);
  2889. OSSL_PROVIDER_unload(tmpnullprov);
  2890. OSSL_LIB_CTX_free(tmpctx);
  2891. return ret;
  2892. }
  2893. static int test_rand_agglomeration(void)
  2894. {
  2895. EVP_RAND *rand;
  2896. EVP_RAND_CTX *ctx;
  2897. OSSL_PARAM params[3], *p = params;
  2898. int res;
  2899. unsigned int step = 7;
  2900. static unsigned char seed[] = "It does not matter how slowly you go "
  2901. "as long as you do not stop.";
  2902. unsigned char out[sizeof(seed)];
  2903. if (!TEST_int_ne(sizeof(seed) % step, 0)
  2904. || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq)))
  2905. return 0;
  2906. ctx = EVP_RAND_CTX_new(rand, NULL);
  2907. EVP_RAND_free(rand);
  2908. if (!TEST_ptr(ctx))
  2909. return 0;
  2910. memset(out, 0, sizeof(out));
  2911. *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY,
  2912. seed, sizeof(seed));
  2913. *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step);
  2914. *p = OSSL_PARAM_construct_end();
  2915. res = TEST_true(EVP_RAND_CTX_set_params(ctx, params))
  2916. && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0))
  2917. && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out));
  2918. EVP_RAND_CTX_free(ctx);
  2919. return res;
  2920. }
  2921. /*
  2922. * Test that we correctly return the original or "running" IV after
  2923. * an encryption operation.
  2924. * Run multiple times for some different relevant algorithms/modes.
  2925. */
  2926. static int test_evp_iv_aes(int idx)
  2927. {
  2928. int ret = 0;
  2929. EVP_CIPHER_CTX *ctx = NULL;
  2930. unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
  2931. 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
  2932. unsigned char init_iv[EVP_MAX_IV_LENGTH] =
  2933. {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
  2934. 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
  2935. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
  2936. 9, 10, 11, 12, 13, 14, 15, 16 };
  2937. unsigned char ciphertext[32], oiv[16], iv[16];
  2938. unsigned char *ref_iv;
  2939. unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
  2940. 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
  2941. unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
  2942. 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
  2943. unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
  2944. 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
  2945. unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
  2946. 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
  2947. unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
  2948. #ifndef OPENSSL_NO_OCB
  2949. unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
  2950. 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
  2951. #endif
  2952. int len = sizeof(ciphertext);
  2953. size_t ivlen, ref_len;
  2954. const EVP_CIPHER *type = NULL;
  2955. int iv_reset = 0;
  2956. if (nullprov != NULL && idx < 6)
  2957. return TEST_skip("Test does not support a non-default library context");
  2958. switch (idx) {
  2959. case 0:
  2960. type = EVP_aes_128_cbc();
  2961. /* FALLTHROUGH */
  2962. case 6:
  2963. type = (type != NULL) ? type :
  2964. EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq);
  2965. ref_iv = cbc_state;
  2966. ref_len = sizeof(cbc_state);
  2967. iv_reset = 1;
  2968. break;
  2969. case 1:
  2970. type = EVP_aes_128_ofb();
  2971. /* FALLTHROUGH */
  2972. case 7:
  2973. type = (type != NULL) ? type :
  2974. EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq);
  2975. ref_iv = ofb_state;
  2976. ref_len = sizeof(ofb_state);
  2977. iv_reset = 1;
  2978. break;
  2979. case 2:
  2980. type = EVP_aes_128_cfb();
  2981. /* FALLTHROUGH */
  2982. case 8:
  2983. type = (type != NULL) ? type :
  2984. EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq);
  2985. ref_iv = cfb_state;
  2986. ref_len = sizeof(cfb_state);
  2987. iv_reset = 1;
  2988. break;
  2989. case 3:
  2990. type = EVP_aes_128_gcm();
  2991. /* FALLTHROUGH */
  2992. case 9:
  2993. type = (type != NULL) ? type :
  2994. EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq);
  2995. ref_iv = gcm_state;
  2996. ref_len = sizeof(gcm_state);
  2997. break;
  2998. case 4:
  2999. type = EVP_aes_128_ccm();
  3000. /* FALLTHROUGH */
  3001. case 10:
  3002. type = (type != NULL) ? type :
  3003. EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq);
  3004. ref_iv = ccm_state;
  3005. ref_len = sizeof(ccm_state);
  3006. break;
  3007. #ifdef OPENSSL_NO_OCB
  3008. case 5:
  3009. case 11:
  3010. return 1;
  3011. #else
  3012. case 5:
  3013. type = EVP_aes_128_ocb();
  3014. /* FALLTHROUGH */
  3015. case 11:
  3016. type = (type != NULL) ? type :
  3017. EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq);
  3018. ref_iv = ocb_state;
  3019. ref_len = sizeof(ocb_state);
  3020. break;
  3021. #endif
  3022. default:
  3023. return 0;
  3024. }
  3025. if (!TEST_ptr(type)
  3026. || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
  3027. || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
  3028. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
  3029. (int)sizeof(msg)))
  3030. || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
  3031. || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
  3032. || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
  3033. goto err;
  3034. ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
  3035. if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
  3036. || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
  3037. goto err;
  3038. /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
  3039. if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
  3040. || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
  3041. goto err;
  3042. if (iv_reset) {
  3043. if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
  3044. goto err;
  3045. } else {
  3046. if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen))
  3047. goto err;
  3048. }
  3049. ret = 1;
  3050. err:
  3051. EVP_CIPHER_CTX_free(ctx);
  3052. if (idx >= 6)
  3053. EVP_CIPHER_free((EVP_CIPHER *)type);
  3054. return ret;
  3055. }
  3056. #ifndef OPENSSL_NO_DES
  3057. static int test_evp_iv_des(int idx)
  3058. {
  3059. int ret = 0;
  3060. EVP_CIPHER_CTX *ctx = NULL;
  3061. static const unsigned char key[24] = {
  3062. 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
  3063. 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
  3064. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  3065. };
  3066. static const unsigned char init_iv[8] = {
  3067. 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
  3068. };
  3069. static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8,
  3070. 9, 10, 11, 12, 13, 14, 15, 16 };
  3071. unsigned char ciphertext[32], oiv[8], iv[8];
  3072. unsigned const char *ref_iv;
  3073. static const unsigned char cbc_state_des[8] = {
  3074. 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
  3075. };
  3076. static const unsigned char cbc_state_3des[8] = {
  3077. 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
  3078. };
  3079. static const unsigned char ofb_state_des[8] = {
  3080. 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
  3081. };
  3082. static const unsigned char ofb_state_3des[8] = {
  3083. 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
  3084. };
  3085. static const unsigned char cfb_state_des[8] = {
  3086. 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
  3087. };
  3088. static const unsigned char cfb_state_3des[8] = {
  3089. 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
  3090. };
  3091. int len = sizeof(ciphertext);
  3092. size_t ivlen, ref_len;
  3093. EVP_CIPHER *type = NULL;
  3094. if (lgcyprov == NULL && idx < 3)
  3095. return TEST_skip("Test requires legacy provider to be loaded");
  3096. switch (idx) {
  3097. case 0:
  3098. type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq);
  3099. ref_iv = cbc_state_des;
  3100. ref_len = sizeof(cbc_state_des);
  3101. break;
  3102. case 1:
  3103. type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq);
  3104. ref_iv = ofb_state_des;
  3105. ref_len = sizeof(ofb_state_des);
  3106. break;
  3107. case 2:
  3108. type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq);
  3109. ref_iv = cfb_state_des;
  3110. ref_len = sizeof(cfb_state_des);
  3111. break;
  3112. case 3:
  3113. type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq);
  3114. ref_iv = cbc_state_3des;
  3115. ref_len = sizeof(cbc_state_3des);
  3116. break;
  3117. case 4:
  3118. type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq);
  3119. ref_iv = ofb_state_3des;
  3120. ref_len = sizeof(ofb_state_3des);
  3121. break;
  3122. case 5:
  3123. type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq);
  3124. ref_iv = cfb_state_3des;
  3125. ref_len = sizeof(cfb_state_3des);
  3126. break;
  3127. default:
  3128. return 0;
  3129. }
  3130. if (!TEST_ptr(type)
  3131. || !TEST_ptr((ctx = EVP_CIPHER_CTX_new()))
  3132. || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv))
  3133. || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg,
  3134. (int)sizeof(msg)))
  3135. || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv)))
  3136. || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))
  3137. || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len)))
  3138. goto err;
  3139. ivlen = EVP_CIPHER_CTX_get_iv_length(ctx);
  3140. if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen)
  3141. || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen))
  3142. goto err;
  3143. if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL))
  3144. || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))))
  3145. goto err;
  3146. if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen))
  3147. goto err;
  3148. ret = 1;
  3149. err:
  3150. EVP_CIPHER_CTX_free(ctx);
  3151. EVP_CIPHER_free(type);
  3152. return ret;
  3153. }
  3154. #endif
  3155. #ifndef OPENSSL_NO_BF
  3156. static int test_evp_bf_default_keylen(int idx)
  3157. {
  3158. int ret = 0;
  3159. static const char *algos[4] = {
  3160. "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
  3161. };
  3162. int ivlen[4] = { 0, 8, 8, 8 };
  3163. EVP_CIPHER *cipher = NULL;
  3164. if (lgcyprov == NULL)
  3165. return TEST_skip("Test requires legacy provider to be loaded");
  3166. if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq))
  3167. || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16)
  3168. || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx]))
  3169. goto err;
  3170. ret = 1;
  3171. err:
  3172. EVP_CIPHER_free(cipher);
  3173. return ret;
  3174. }
  3175. #endif
  3176. #ifndef OPENSSL_NO_EC
  3177. static int ecpub_nids[] = {
  3178. NID_brainpoolP256r1, NID_X9_62_prime256v1,
  3179. NID_secp384r1, NID_secp521r1,
  3180. # ifndef OPENSSL_NO_EC2M
  3181. NID_sect233k1, NID_sect233r1, NID_sect283r1,
  3182. NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1,
  3183. # endif
  3184. NID_brainpoolP384r1, NID_brainpoolP512r1
  3185. };
  3186. static int test_ecpub(int idx)
  3187. {
  3188. int ret = 0, len, savelen;
  3189. int nid;
  3190. unsigned char buf[1024];
  3191. unsigned char *p;
  3192. EVP_PKEY *pkey = NULL;
  3193. EVP_PKEY_CTX *ctx = NULL;
  3194. # ifndef OPENSSL_NO_DEPRECATED_3_0
  3195. const unsigned char *q;
  3196. EVP_PKEY *pkey2 = NULL;
  3197. EC_KEY *ec = NULL;
  3198. # endif
  3199. if (nullprov != NULL)
  3200. return TEST_skip("Test does not support a non-default library context");
  3201. nid = ecpub_nids[idx];
  3202. ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL);
  3203. if (!TEST_ptr(ctx)
  3204. || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  3205. || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0)
  3206. || !TEST_true(EVP_PKEY_keygen(ctx, &pkey)))
  3207. goto done;
  3208. len = i2d_PublicKey(pkey, NULL);
  3209. savelen = len;
  3210. if (!TEST_int_ge(len, 1)
  3211. || !TEST_int_lt(len, 1024))
  3212. goto done;
  3213. p = buf;
  3214. len = i2d_PublicKey(pkey, &p);
  3215. if (!TEST_int_ge(len, 1)
  3216. || !TEST_int_eq(len, savelen))
  3217. goto done;
  3218. # ifndef OPENSSL_NO_DEPRECATED_3_0
  3219. /* Now try to decode the just-created DER. */
  3220. q = buf;
  3221. if (!TEST_ptr((pkey2 = EVP_PKEY_new()))
  3222. || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid)))
  3223. || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec)))
  3224. goto done;
  3225. /* EC_KEY ownership transferred */
  3226. ec = NULL;
  3227. if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen)))
  3228. goto done;
  3229. /* The keys should match. */
  3230. if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1))
  3231. goto done;
  3232. # endif
  3233. ret = 1;
  3234. done:
  3235. EVP_PKEY_CTX_free(ctx);
  3236. EVP_PKEY_free(pkey);
  3237. # ifndef OPENSSL_NO_DEPRECATED_3_0
  3238. EVP_PKEY_free(pkey2);
  3239. EC_KEY_free(ec);
  3240. # endif
  3241. return ret;
  3242. }
  3243. #endif
  3244. static int test_EVP_rsa_pss_with_keygen_bits(void)
  3245. {
  3246. int ret = 0;
  3247. EVP_PKEY_CTX *ctx = NULL;
  3248. EVP_PKEY *pkey = NULL;
  3249. EVP_MD *md;
  3250. md = EVP_MD_fetch(testctx, "sha256", testpropq);
  3251. ret = TEST_ptr(md)
  3252. && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq)))
  3253. && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0)
  3254. && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0)
  3255. && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0)
  3256. && TEST_true(EVP_PKEY_keygen(ctx, &pkey));
  3257. EVP_MD_free(md);
  3258. EVP_PKEY_free(pkey);
  3259. EVP_PKEY_CTX_free(ctx);
  3260. return ret;
  3261. }
  3262. static int test_EVP_rsa_pss_set_saltlen(void)
  3263. {
  3264. int ret = 0;
  3265. EVP_PKEY *pkey = NULL;
  3266. EVP_PKEY_CTX *pkey_ctx = NULL;
  3267. EVP_MD *sha256 = NULL;
  3268. EVP_MD_CTX *sha256_ctx = NULL;
  3269. int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
  3270. const int test_value = 32;
  3271. ret = TEST_ptr(pkey = load_example_rsa_key())
  3272. && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL))
  3273. && TEST_ptr(sha256_ctx = EVP_MD_CTX_new())
  3274. && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey))
  3275. && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING))
  3276. && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0)
  3277. && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0)
  3278. && TEST_int_eq(saltlen, test_value);
  3279. EVP_MD_CTX_free(sha256_ctx);
  3280. EVP_PKEY_free(pkey);
  3281. EVP_MD_free(sha256);
  3282. return ret;
  3283. }
  3284. static int success = 1;
  3285. static void md_names(const char *name, void *vctx)
  3286. {
  3287. OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx;
  3288. /* Force a namemap update */
  3289. EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL);
  3290. if (!TEST_ptr(aes128))
  3291. success = 0;
  3292. EVP_CIPHER_free(aes128);
  3293. }
  3294. /*
  3295. * Test that changing the namemap in a user callback works in a names_do_all
  3296. * function.
  3297. */
  3298. static int test_names_do_all(void)
  3299. {
  3300. /* We use a custom libctx so that we know the state of the namemap */
  3301. OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new();
  3302. EVP_MD *sha256 = NULL;
  3303. int testresult = 0;
  3304. if (!TEST_ptr(ctx))
  3305. goto err;
  3306. sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL);
  3307. if (!TEST_ptr(sha256))
  3308. goto err;
  3309. /*
  3310. * We loop through all the names for a given digest. This should still work
  3311. * even if the namemap changes part way through.
  3312. */
  3313. if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx)))
  3314. goto err;
  3315. if (!TEST_true(success))
  3316. goto err;
  3317. testresult = 1;
  3318. err:
  3319. EVP_MD_free(sha256);
  3320. OSSL_LIB_CTX_free(ctx);
  3321. return testresult;
  3322. }
  3323. typedef struct {
  3324. const char *cipher;
  3325. const unsigned char *key;
  3326. const unsigned char *iv;
  3327. const unsigned char *input;
  3328. const unsigned char *expected;
  3329. const unsigned char *tag;
  3330. size_t ivlen; /* 0 if we do not need to set a specific IV len */
  3331. size_t inlen;
  3332. size_t expectedlen;
  3333. size_t taglen;
  3334. int keyfirst;
  3335. int initenc;
  3336. int finalenc;
  3337. } EVP_INIT_TEST_st;
  3338. static const EVP_INIT_TEST_st evp_init_tests[] = {
  3339. {
  3340. "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
  3341. cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
  3342. 0, 1, 0, 1
  3343. },
  3344. {
  3345. "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
  3346. gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
  3347. sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
  3348. sizeof(gcmDefaultTag), 1, 0, 1
  3349. },
  3350. {
  3351. "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext,
  3352. cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext),
  3353. 0, 0, 0, 1
  3354. },
  3355. {
  3356. "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext,
  3357. gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV),
  3358. sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext),
  3359. sizeof(gcmDefaultTag), 0, 0, 1
  3360. },
  3361. {
  3362. "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
  3363. cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
  3364. 0, 1, 1, 0
  3365. },
  3366. {
  3367. "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
  3368. gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
  3369. sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
  3370. sizeof(gcmDefaultTag), 1, 1, 0
  3371. },
  3372. {
  3373. "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext,
  3374. cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext),
  3375. 0, 0, 1, 0
  3376. },
  3377. {
  3378. "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext,
  3379. gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV),
  3380. sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext),
  3381. sizeof(gcmDefaultTag), 0, 1, 0
  3382. }
  3383. };
  3384. static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t)
  3385. {
  3386. int res = 0;
  3387. if (t->ivlen != 0) {
  3388. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0))
  3389. goto err;
  3390. }
  3391. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1)))
  3392. goto err;
  3393. res = 1;
  3394. err:
  3395. return res;
  3396. }
  3397. /*
  3398. * Test step-wise cipher initialization via EVP_CipherInit_ex where the
  3399. * arguments are given one at a time and a final adjustment to the enc
  3400. * parameter sets the correct operation.
  3401. */
  3402. static int test_evp_init_seq(int idx)
  3403. {
  3404. int outlen1, outlen2;
  3405. int testresult = 0;
  3406. unsigned char outbuf[1024];
  3407. unsigned char tag[16];
  3408. const EVP_INIT_TEST_st *t = &evp_init_tests[idx];
  3409. EVP_CIPHER_CTX *ctx = NULL;
  3410. EVP_CIPHER *type = NULL;
  3411. size_t taglen = sizeof(tag);
  3412. char *errmsg = NULL;
  3413. ctx = EVP_CIPHER_CTX_new();
  3414. if (ctx == NULL) {
  3415. errmsg = "CTX_ALLOC";
  3416. goto err;
  3417. }
  3418. if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) {
  3419. errmsg = "CIPHER_FETCH";
  3420. goto err;
  3421. }
  3422. if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) {
  3423. errmsg = "EMPTY_ENC_INIT";
  3424. goto err;
  3425. }
  3426. if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
  3427. errmsg = "PADDING";
  3428. goto err;
  3429. }
  3430. if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
  3431. errmsg = "KEY_INIT (before iv)";
  3432. goto err;
  3433. }
  3434. if (!evp_init_seq_set_iv(ctx, t)) {
  3435. errmsg = "IV_INIT";
  3436. goto err;
  3437. }
  3438. if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) {
  3439. errmsg = "KEY_INIT (after iv)";
  3440. goto err;
  3441. }
  3442. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) {
  3443. errmsg = "FINAL_ENC_INIT";
  3444. goto err;
  3445. }
  3446. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
  3447. errmsg = "CIPHER_UPDATE";
  3448. goto err;
  3449. }
  3450. if (t->finalenc == 0 && t->tag != NULL) {
  3451. /* Set expected tag */
  3452. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG,
  3453. t->taglen, (void *)t->tag), 0)) {
  3454. errmsg = "SET_TAG";
  3455. goto err;
  3456. }
  3457. }
  3458. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3459. errmsg = "CIPHER_FINAL";
  3460. goto err;
  3461. }
  3462. if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
  3463. errmsg = "WRONG_RESULT";
  3464. goto err;
  3465. }
  3466. if (t->finalenc != 0 && t->tag != NULL) {
  3467. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
  3468. errmsg = "GET_TAG";
  3469. goto err;
  3470. }
  3471. if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) {
  3472. errmsg = "TAG_ERROR";
  3473. goto err;
  3474. }
  3475. }
  3476. testresult = 1;
  3477. err:
  3478. if (errmsg != NULL)
  3479. TEST_info("evp_init_test %d: %s", idx, errmsg);
  3480. EVP_CIPHER_CTX_free(ctx);
  3481. EVP_CIPHER_free(type);
  3482. return testresult;
  3483. }
  3484. typedef struct {
  3485. const unsigned char *input;
  3486. const unsigned char *expected;
  3487. size_t inlen;
  3488. size_t expectedlen;
  3489. int enc;
  3490. } EVP_RESET_TEST_st;
  3491. static const EVP_RESET_TEST_st evp_reset_tests[] = {
  3492. {
  3493. cfbPlaintext, cfbCiphertext,
  3494. sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1
  3495. },
  3496. {
  3497. cfbCiphertext, cfbPlaintext,
  3498. sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0
  3499. }
  3500. };
  3501. /*
  3502. * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
  3503. * been used.
  3504. */
  3505. static int test_evp_reset(int idx)
  3506. {
  3507. const EVP_RESET_TEST_st *t = &evp_reset_tests[idx];
  3508. int outlen1, outlen2;
  3509. int testresult = 0;
  3510. unsigned char outbuf[1024];
  3511. EVP_CIPHER_CTX *ctx = NULL;
  3512. EVP_CIPHER *type = NULL;
  3513. char *errmsg = NULL;
  3514. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
  3515. errmsg = "CTX_ALLOC";
  3516. goto err;
  3517. }
  3518. if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) {
  3519. errmsg = "CIPHER_FETCH";
  3520. goto err;
  3521. }
  3522. if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
  3523. errmsg = "CIPHER_INIT";
  3524. goto err;
  3525. }
  3526. if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
  3527. errmsg = "PADDING";
  3528. goto err;
  3529. }
  3530. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
  3531. errmsg = "CIPHER_UPDATE";
  3532. goto err;
  3533. }
  3534. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3535. errmsg = "CIPHER_FINAL";
  3536. goto err;
  3537. }
  3538. if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
  3539. errmsg = "WRONG_RESULT";
  3540. goto err;
  3541. }
  3542. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) {
  3543. errmsg = "CIPHER_REINIT";
  3544. goto err;
  3545. }
  3546. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) {
  3547. errmsg = "CIPHER_UPDATE (reinit)";
  3548. goto err;
  3549. }
  3550. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3551. errmsg = "CIPHER_FINAL (reinit)";
  3552. goto err;
  3553. }
  3554. if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) {
  3555. errmsg = "WRONG_RESULT (reinit)";
  3556. goto err;
  3557. }
  3558. testresult = 1;
  3559. err:
  3560. if (errmsg != NULL)
  3561. TEST_info("test_evp_reset %d: %s", idx, errmsg);
  3562. EVP_CIPHER_CTX_free(ctx);
  3563. EVP_CIPHER_free(type);
  3564. return testresult;
  3565. }
  3566. typedef struct {
  3567. const char *cipher;
  3568. int enc;
  3569. } EVP_UPDATED_IV_TEST_st;
  3570. static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = {
  3571. {
  3572. "aes-128-cfb", 1
  3573. },
  3574. {
  3575. "aes-128-cfb", 0
  3576. },
  3577. {
  3578. "aes-128-cfb1", 1
  3579. },
  3580. {
  3581. "aes-128-cfb1", 0
  3582. },
  3583. {
  3584. "aes-128-cfb8", 1
  3585. },
  3586. {
  3587. "aes-128-cfb8", 0
  3588. },
  3589. {
  3590. "aes-128-ofb", 1
  3591. },
  3592. {
  3593. "aes-128-ofb", 0
  3594. },
  3595. {
  3596. "aes-128-ctr", 1
  3597. },
  3598. {
  3599. "aes-128-ctr", 0
  3600. },
  3601. {
  3602. "aes-128-cbc", 1
  3603. },
  3604. {
  3605. "aes-128-cbc", 0
  3606. }
  3607. };
  3608. /*
  3609. * Test that the IV in the context is updated during a crypto operation for CFB
  3610. * and OFB.
  3611. */
  3612. static int test_evp_updated_iv(int idx)
  3613. {
  3614. const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx];
  3615. int outlen1, outlen2;
  3616. int testresult = 0;
  3617. unsigned char outbuf[1024];
  3618. EVP_CIPHER_CTX *ctx = NULL;
  3619. EVP_CIPHER *type = NULL;
  3620. unsigned char updated_iv[EVP_MAX_IV_LENGTH];
  3621. int iv_len;
  3622. char *errmsg = NULL;
  3623. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
  3624. errmsg = "CTX_ALLOC";
  3625. goto err;
  3626. }
  3627. if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) {
  3628. TEST_info("cipher %s not supported, skipping", t->cipher);
  3629. goto ok;
  3630. }
  3631. if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) {
  3632. errmsg = "CIPHER_INIT";
  3633. goto err;
  3634. }
  3635. if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) {
  3636. errmsg = "PADDING";
  3637. goto err;
  3638. }
  3639. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) {
  3640. errmsg = "CIPHER_UPDATE";
  3641. goto err;
  3642. }
  3643. if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) {
  3644. errmsg = "CIPHER_CTX_GET_UPDATED_IV";
  3645. goto err;
  3646. }
  3647. if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) {
  3648. errmsg = "CIPHER_CTX_GET_IV_LEN";
  3649. goto err;
  3650. }
  3651. if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) {
  3652. errmsg = "IV_NOT_UPDATED";
  3653. goto err;
  3654. }
  3655. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3656. errmsg = "CIPHER_FINAL";
  3657. goto err;
  3658. }
  3659. ok:
  3660. testresult = 1;
  3661. err:
  3662. if (errmsg != NULL)
  3663. TEST_info("test_evp_updated_iv %d: %s", idx, errmsg);
  3664. EVP_CIPHER_CTX_free(ctx);
  3665. EVP_CIPHER_free(type);
  3666. return testresult;
  3667. }
  3668. typedef struct {
  3669. const unsigned char *iv1;
  3670. const unsigned char *iv2;
  3671. const unsigned char *expected1;
  3672. const unsigned char *expected2;
  3673. const unsigned char *tag1;
  3674. const unsigned char *tag2;
  3675. size_t ivlen1;
  3676. size_t ivlen2;
  3677. size_t expectedlen1;
  3678. size_t expectedlen2;
  3679. } TEST_GCM_IV_REINIT_st;
  3680. static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = {
  3681. {
  3682. iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2,
  3683. gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2),
  3684. sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2)
  3685. },
  3686. {
  3687. iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1,
  3688. gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1),
  3689. sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1)
  3690. }
  3691. };
  3692. static int test_gcm_reinit(int idx)
  3693. {
  3694. int outlen1, outlen2, outlen3;
  3695. int testresult = 0;
  3696. unsigned char outbuf[1024];
  3697. unsigned char tag[16];
  3698. const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx];
  3699. EVP_CIPHER_CTX *ctx = NULL;
  3700. EVP_CIPHER *type = NULL;
  3701. size_t taglen = sizeof(tag);
  3702. char *errmsg = NULL;
  3703. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) {
  3704. errmsg = "CTX_ALLOC";
  3705. goto err;
  3706. }
  3707. if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) {
  3708. errmsg = "CIPHER_FETCH";
  3709. goto err;
  3710. }
  3711. if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) {
  3712. errmsg = "ENC_INIT";
  3713. goto err;
  3714. }
  3715. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) {
  3716. errmsg = "SET_IVLEN1";
  3717. goto err;
  3718. }
  3719. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) {
  3720. errmsg = "SET_IV1";
  3721. goto err;
  3722. }
  3723. if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
  3724. errmsg = "AAD1";
  3725. goto err;
  3726. }
  3727. EVP_CIPHER_CTX_set_padding(ctx, 0);
  3728. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
  3729. sizeof(gcmResetPlaintext)))) {
  3730. errmsg = "CIPHER_UPDATE1";
  3731. goto err;
  3732. }
  3733. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3734. errmsg = "CIPHER_FINAL1";
  3735. goto err;
  3736. }
  3737. if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) {
  3738. errmsg = "WRONG_RESULT1";
  3739. goto err;
  3740. }
  3741. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
  3742. errmsg = "GET_TAG1";
  3743. goto err;
  3744. }
  3745. if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) {
  3746. errmsg = "TAG_ERROR1";
  3747. goto err;
  3748. }
  3749. /* Now reinit */
  3750. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) {
  3751. errmsg = "SET_IVLEN2";
  3752. goto err;
  3753. }
  3754. if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) {
  3755. errmsg = "SET_IV2";
  3756. goto err;
  3757. }
  3758. if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) {
  3759. errmsg = "AAD2";
  3760. goto err;
  3761. }
  3762. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext,
  3763. sizeof(gcmResetPlaintext)))) {
  3764. errmsg = "CIPHER_UPDATE2";
  3765. goto err;
  3766. }
  3767. if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) {
  3768. errmsg = "CIPHER_FINAL2";
  3769. goto err;
  3770. }
  3771. if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) {
  3772. errmsg = "WRONG_RESULT2";
  3773. goto err;
  3774. }
  3775. if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) {
  3776. errmsg = "GET_TAG2";
  3777. goto err;
  3778. }
  3779. if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) {
  3780. errmsg = "TAG_ERROR2";
  3781. goto err;
  3782. }
  3783. testresult = 1;
  3784. err:
  3785. if (errmsg != NULL)
  3786. TEST_info("evp_init_test %d: %s", idx, errmsg);
  3787. EVP_CIPHER_CTX_free(ctx);
  3788. EVP_CIPHER_free(type);
  3789. return testresult;
  3790. }
  3791. static const char *ivlen_change_ciphers[] = {
  3792. "AES-256-GCM",
  3793. #ifndef OPENSSL_NO_OCB
  3794. "AES-256-OCB",
  3795. #endif
  3796. "AES-256-CCM"
  3797. };
  3798. /* Negative test for ivlen change after iv being set */
  3799. static int test_ivlen_change(int idx)
  3800. {
  3801. int outlen;
  3802. int res = 0;
  3803. unsigned char outbuf[1024];
  3804. static const unsigned char iv[] = {
  3805. 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
  3806. 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
  3807. };
  3808. EVP_CIPHER_CTX *ctx = NULL;
  3809. EVP_CIPHER *ciph = NULL;
  3810. OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
  3811. size_t ivlen = 13; /* non-default IV length */
  3812. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
  3813. goto err;
  3814. if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx],
  3815. testpropq)))
  3816. goto err;
  3817. if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1)))
  3818. goto err;
  3819. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
  3820. sizeof(gcmDefaultPlaintext))))
  3821. goto err;
  3822. params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
  3823. &ivlen);
  3824. if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
  3825. goto err;
  3826. ERR_set_mark();
  3827. if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
  3828. sizeof(gcmDefaultPlaintext)))) {
  3829. ERR_clear_last_mark();
  3830. goto err;
  3831. }
  3832. ERR_pop_to_mark();
  3833. res = 1;
  3834. err:
  3835. EVP_CIPHER_CTX_free(ctx);
  3836. EVP_CIPHER_free(ciph);
  3837. return res;
  3838. }
  3839. static const char *keylen_change_ciphers[] = {
  3840. #ifndef OPENSSL_NO_BF
  3841. "BF-ECB",
  3842. #endif
  3843. #ifndef OPENSSL_NO_CAST
  3844. "CAST5-ECB",
  3845. #endif
  3846. #ifndef OPENSSL_NO_RC2
  3847. "RC2-ECB",
  3848. #endif
  3849. #ifndef OPENSSL_NO_RC4
  3850. "RC4",
  3851. #endif
  3852. #ifndef OPENSSL_NO_RC5
  3853. "RC5-ECB",
  3854. #endif
  3855. NULL
  3856. };
  3857. /* Negative test for keylen change after key was set */
  3858. static int test_keylen_change(int idx)
  3859. {
  3860. int outlen;
  3861. int res = 0;
  3862. unsigned char outbuf[1024];
  3863. static const unsigned char key[] = {
  3864. 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
  3865. 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
  3866. };
  3867. EVP_CIPHER_CTX *ctx = NULL;
  3868. EVP_CIPHER *ciph = NULL;
  3869. OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END };
  3870. size_t keylen = 12; /* non-default key length */
  3871. if (lgcyprov == NULL)
  3872. return TEST_skip("Test requires legacy provider to be loaded");
  3873. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()))
  3874. goto err;
  3875. if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx],
  3876. testpropq)))
  3877. goto err;
  3878. if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1)))
  3879. goto err;
  3880. if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
  3881. sizeof(gcmDefaultPlaintext))))
  3882. goto err;
  3883. params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
  3884. &keylen);
  3885. if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)))
  3886. goto err;
  3887. ERR_set_mark();
  3888. if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext,
  3889. sizeof(gcmDefaultPlaintext)))) {
  3890. ERR_clear_last_mark();
  3891. goto err;
  3892. }
  3893. ERR_pop_to_mark();
  3894. res = 1;
  3895. err:
  3896. EVP_CIPHER_CTX_free(ctx);
  3897. EVP_CIPHER_free(ciph);
  3898. return res;
  3899. }
  3900. #ifndef OPENSSL_NO_DEPRECATED_3_0
  3901. static EVP_PKEY_METHOD *custom_pmeth = NULL;
  3902. static const EVP_PKEY_METHOD *orig_pmeth = NULL;
  3903. # define EVP_PKEY_CTRL_MY_COMMAND 9999
  3904. static int custom_pmeth_init(EVP_PKEY_CTX *ctx)
  3905. {
  3906. int (*pinit)(EVP_PKEY_CTX *ctx);
  3907. EVP_PKEY_meth_get_init(orig_pmeth, &pinit);
  3908. return pinit(ctx);
  3909. }
  3910. static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx)
  3911. {
  3912. void (*pcleanup)(EVP_PKEY_CTX *ctx);
  3913. EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup);
  3914. pcleanup(ctx);
  3915. }
  3916. static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out,
  3917. size_t *outlen, const unsigned char *in,
  3918. size_t inlen)
  3919. {
  3920. int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
  3921. const unsigned char *tbs, size_t tbslen);
  3922. EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign);
  3923. return psign(ctx, out, outlen, in, inlen);
  3924. }
  3925. static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig,
  3926. size_t *siglen, const unsigned char *tbs,
  3927. size_t tbslen)
  3928. {
  3929. int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen,
  3930. const unsigned char *tbs, size_t tbslen);
  3931. EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign);
  3932. return pdigestsign(ctx, sig, siglen, tbs, tbslen);
  3933. }
  3934. static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
  3935. size_t *keylen)
  3936. {
  3937. int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen);
  3938. EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive);
  3939. return pderive(ctx, key, keylen);
  3940. }
  3941. static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src)
  3942. {
  3943. int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src);
  3944. EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy);
  3945. return pcopy(dst, src);
  3946. }
  3947. static int ctrl_called;
  3948. static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
  3949. {
  3950. int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2);
  3951. EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL);
  3952. if (type == EVP_PKEY_CTRL_MY_COMMAND) {
  3953. ctrl_called = 1;
  3954. return 1;
  3955. }
  3956. return pctrl(ctx, type, p1, p2);
  3957. }
  3958. static int test_custom_pmeth(int idx)
  3959. {
  3960. EVP_PKEY_CTX *pctx = NULL;
  3961. EVP_MD_CTX *ctx = NULL;
  3962. EVP_PKEY *pkey = NULL;
  3963. int id, orig_id, orig_flags;
  3964. int testresult = 0;
  3965. size_t reslen;
  3966. unsigned char *res = NULL;
  3967. unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' };
  3968. const EVP_MD *md = EVP_sha256();
  3969. int doderive = 0;
  3970. ctrl_called = 0;
  3971. /* We call deprecated APIs so this test doesn't support a custom libctx */
  3972. if (testctx != NULL)
  3973. return 1;
  3974. switch (idx) {
  3975. case 0:
  3976. case 6:
  3977. id = EVP_PKEY_RSA;
  3978. pkey = load_example_rsa_key();
  3979. break;
  3980. case 1:
  3981. case 7:
  3982. # ifndef OPENSSL_NO_DSA
  3983. id = EVP_PKEY_DSA;
  3984. pkey = load_example_dsa_key();
  3985. break;
  3986. # else
  3987. return 1;
  3988. # endif
  3989. case 2:
  3990. case 8:
  3991. # ifndef OPENSSL_NO_EC
  3992. id = EVP_PKEY_EC;
  3993. pkey = load_example_ec_key();
  3994. break;
  3995. # else
  3996. return 1;
  3997. # endif
  3998. case 3:
  3999. case 9:
  4000. # ifndef OPENSSL_NO_ECX
  4001. id = EVP_PKEY_ED25519;
  4002. md = NULL;
  4003. pkey = load_example_ed25519_key();
  4004. break;
  4005. # else
  4006. return 1;
  4007. # endif
  4008. case 4:
  4009. case 10:
  4010. # ifndef OPENSSL_NO_DH
  4011. id = EVP_PKEY_DH;
  4012. doderive = 1;
  4013. pkey = load_example_dh_key();
  4014. break;
  4015. # else
  4016. return 1;
  4017. # endif
  4018. case 5:
  4019. case 11:
  4020. # ifndef OPENSSL_NO_ECX
  4021. id = EVP_PKEY_X25519;
  4022. doderive = 1;
  4023. pkey = load_example_x25519_key();
  4024. break;
  4025. # else
  4026. return 1;
  4027. # endif
  4028. default:
  4029. TEST_error("Should not happen");
  4030. goto err;
  4031. }
  4032. if (!TEST_ptr(pkey))
  4033. goto err;
  4034. if (idx < 6) {
  4035. if (!TEST_true(evp_pkey_is_provided(pkey)))
  4036. goto err;
  4037. } else {
  4038. EVP_PKEY *tmp = pkey;
  4039. /* Convert to a legacy key */
  4040. pkey = EVP_PKEY_new();
  4041. if (!TEST_ptr(pkey)) {
  4042. pkey = tmp;
  4043. goto err;
  4044. }
  4045. if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) {
  4046. EVP_PKEY_free(tmp);
  4047. goto err;
  4048. }
  4049. EVP_PKEY_free(tmp);
  4050. if (!TEST_true(evp_pkey_is_legacy(pkey)))
  4051. goto err;
  4052. }
  4053. if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id))
  4054. || !TEST_ptr(pkey))
  4055. goto err;
  4056. EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth);
  4057. if (!TEST_int_eq(orig_id, id)
  4058. || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags)))
  4059. goto err;
  4060. if (id == EVP_PKEY_ED25519) {
  4061. EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign);
  4062. } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) {
  4063. EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive);
  4064. } else {
  4065. EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign);
  4066. }
  4067. if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) {
  4068. EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init);
  4069. EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup);
  4070. EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy);
  4071. }
  4072. EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL);
  4073. if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth)))
  4074. goto err;
  4075. if (doderive) {
  4076. pctx = EVP_PKEY_CTX_new(pkey, NULL);
  4077. if (!TEST_ptr(pctx)
  4078. || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1)
  4079. || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
  4080. EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
  4081. 1)
  4082. || !TEST_int_eq(ctrl_called, 1)
  4083. || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1)
  4084. || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1)
  4085. || !TEST_ptr(res = OPENSSL_malloc(reslen))
  4086. || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1))
  4087. goto err;
  4088. } else {
  4089. ctx = EVP_MD_CTX_new();
  4090. reslen = EVP_PKEY_size(pkey);
  4091. res = OPENSSL_malloc(reslen);
  4092. if (!TEST_ptr(ctx)
  4093. || !TEST_ptr(res)
  4094. || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey))
  4095. || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1,
  4096. EVP_PKEY_CTRL_MY_COMMAND, 0, NULL),
  4097. 1)
  4098. || !TEST_int_eq(ctrl_called, 1))
  4099. goto err;
  4100. if (id == EVP_PKEY_ED25519) {
  4101. if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg))))
  4102. goto err;
  4103. } else {
  4104. if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg)))
  4105. || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen)))
  4106. goto err;
  4107. }
  4108. }
  4109. testresult = 1;
  4110. err:
  4111. OPENSSL_free(res);
  4112. EVP_MD_CTX_free(ctx);
  4113. if (doderive)
  4114. EVP_PKEY_CTX_free(pctx);
  4115. EVP_PKEY_free(pkey);
  4116. EVP_PKEY_meth_remove(custom_pmeth);
  4117. EVP_PKEY_meth_free(custom_pmeth);
  4118. custom_pmeth = NULL;
  4119. return testresult;
  4120. }
  4121. static int test_evp_md_cipher_meth(void)
  4122. {
  4123. EVP_MD *md = EVP_MD_meth_dup(EVP_sha256());
  4124. EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
  4125. int testresult = 0;
  4126. if (!TEST_ptr(md) || !TEST_ptr(ciph))
  4127. goto err;
  4128. testresult = 1;
  4129. err:
  4130. EVP_MD_meth_free(md);
  4131. EVP_CIPHER_meth_free(ciph);
  4132. return testresult;
  4133. }
  4134. typedef struct {
  4135. int data;
  4136. } custom_dgst_ctx;
  4137. static int custom_md_init_called = 0;
  4138. static int custom_md_cleanup_called = 0;
  4139. static int custom_md_init(EVP_MD_CTX *ctx)
  4140. {
  4141. custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
  4142. if (p == NULL)
  4143. return 0;
  4144. custom_md_init_called++;
  4145. return 1;
  4146. }
  4147. static int custom_md_cleanup(EVP_MD_CTX *ctx)
  4148. {
  4149. custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx);
  4150. if (p == NULL)
  4151. /* Nothing to do */
  4152. return 1;
  4153. custom_md_cleanup_called++;
  4154. return 1;
  4155. }
  4156. static int test_custom_md_meth(void)
  4157. {
  4158. EVP_MD_CTX *mdctx = NULL;
  4159. EVP_MD *tmp = NULL;
  4160. char mess[] = "Test Message\n";
  4161. unsigned char md_value[EVP_MAX_MD_SIZE];
  4162. unsigned int md_len;
  4163. int testresult = 0;
  4164. int nid;
  4165. /*
  4166. * We are testing deprecated functions. We don't support a non-default
  4167. * library context in this test.
  4168. */
  4169. if (testctx != NULL)
  4170. return TEST_skip("Non-default libctx");
  4171. custom_md_init_called = custom_md_cleanup_called = 0;
  4172. nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
  4173. if (!TEST_int_ne(nid, NID_undef))
  4174. goto err;
  4175. tmp = EVP_MD_meth_new(nid, NID_undef);
  4176. if (!TEST_ptr(tmp))
  4177. goto err;
  4178. if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init))
  4179. || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup))
  4180. || !TEST_true(EVP_MD_meth_set_app_datasize(tmp,
  4181. sizeof(custom_dgst_ctx))))
  4182. goto err;
  4183. mdctx = EVP_MD_CTX_new();
  4184. if (!TEST_ptr(mdctx)
  4185. /*
  4186. * Initing our custom md and then initing another md should
  4187. * result in the init and cleanup functions of the custom md
  4188. * being called.
  4189. */
  4190. || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL))
  4191. || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL))
  4192. || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess)))
  4193. || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len))
  4194. || !TEST_int_eq(custom_md_init_called, 1)
  4195. || !TEST_int_eq(custom_md_cleanup_called, 1))
  4196. goto err;
  4197. testresult = 1;
  4198. err:
  4199. EVP_MD_CTX_free(mdctx);
  4200. EVP_MD_meth_free(tmp);
  4201. return testresult;
  4202. }
  4203. typedef struct {
  4204. int data;
  4205. } custom_ciph_ctx;
  4206. static int custom_ciph_init_called = 0;
  4207. static int custom_ciph_cleanup_called = 0;
  4208. static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key,
  4209. const unsigned char *iv, int enc)
  4210. {
  4211. custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
  4212. if (p == NULL)
  4213. return 0;
  4214. custom_ciph_init_called++;
  4215. return 1;
  4216. }
  4217. static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx)
  4218. {
  4219. custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx);
  4220. if (p == NULL)
  4221. /* Nothing to do */
  4222. return 1;
  4223. custom_ciph_cleanup_called++;
  4224. return 1;
  4225. }
  4226. static int test_custom_ciph_meth(void)
  4227. {
  4228. EVP_CIPHER_CTX *ciphctx = NULL;
  4229. EVP_CIPHER *tmp = NULL;
  4230. int testresult = 0;
  4231. int nid;
  4232. /*
  4233. * We are testing deprecated functions. We don't support a non-default
  4234. * library context in this test.
  4235. */
  4236. if (testctx != NULL)
  4237. return TEST_skip("Non-default libctx");
  4238. custom_ciph_init_called = custom_ciph_cleanup_called = 0;
  4239. nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
  4240. if (!TEST_int_ne(nid, NID_undef))
  4241. goto err;
  4242. tmp = EVP_CIPHER_meth_new(nid, 16, 16);
  4243. if (!TEST_ptr(tmp))
  4244. goto err;
  4245. if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init))
  4246. || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT))
  4247. || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup))
  4248. || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp,
  4249. sizeof(custom_ciph_ctx))))
  4250. goto err;
  4251. ciphctx = EVP_CIPHER_CTX_new();
  4252. if (!TEST_ptr(ciphctx)
  4253. /*
  4254. * Initing our custom cipher and then initing another cipher
  4255. * should result in the init and cleanup functions of the custom
  4256. * cipher being called.
  4257. */
  4258. || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1))
  4259. || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL,
  4260. NULL, NULL, 1))
  4261. || !TEST_int_eq(custom_ciph_init_called, 1)
  4262. || !TEST_int_eq(custom_ciph_cleanup_called, 1))
  4263. goto err;
  4264. testresult = 1;
  4265. err:
  4266. EVP_CIPHER_CTX_free(ciphctx);
  4267. EVP_CIPHER_meth_free(tmp);
  4268. return testresult;
  4269. }
  4270. # ifndef OPENSSL_NO_DYNAMIC_ENGINE
  4271. /* Test we can create a signature keys with an associated ENGINE */
  4272. static int test_signatures_with_engine(int tst)
  4273. {
  4274. ENGINE *e;
  4275. const char *engine_id = "dasync";
  4276. EVP_PKEY *pkey = NULL;
  4277. const unsigned char badcmackey[] = { 0x00, 0x01 };
  4278. const unsigned char cmackey[] = {
  4279. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  4280. 0x0c, 0x0d, 0x0e, 0x0f
  4281. };
  4282. const unsigned char ed25519key[] = {
  4283. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  4284. 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
  4285. 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
  4286. };
  4287. const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
  4288. int testresult = 0;
  4289. EVP_MD_CTX *ctx = NULL;
  4290. unsigned char *mac = NULL;
  4291. size_t maclen = 0;
  4292. int ret;
  4293. # ifdef OPENSSL_NO_CMAC
  4294. /* Skip CMAC tests in a no-cmac build */
  4295. if (tst <= 1)
  4296. return 1;
  4297. # endif
  4298. # ifdef OPENSSL_NO_ECX
  4299. /* Skip ECX tests in a no-ecx build */
  4300. if (tst == 2)
  4301. return 1;
  4302. # endif
  4303. if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
  4304. return 0;
  4305. if (!TEST_true(ENGINE_init(e))) {
  4306. ENGINE_free(e);
  4307. return 0;
  4308. }
  4309. switch (tst) {
  4310. case 0:
  4311. pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey),
  4312. EVP_aes_128_cbc());
  4313. break;
  4314. case 1:
  4315. pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey),
  4316. EVP_aes_128_cbc());
  4317. break;
  4318. case 2:
  4319. pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key,
  4320. sizeof(ed25519key));
  4321. break;
  4322. default:
  4323. TEST_error("Invalid test case");
  4324. goto err;
  4325. }
  4326. if (!TEST_ptr(pkey))
  4327. goto err;
  4328. if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
  4329. goto err;
  4330. ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL,
  4331. pkey);
  4332. if (tst == 0) {
  4333. if (!TEST_true(ret))
  4334. goto err;
  4335. if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg)))
  4336. || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen)))
  4337. goto err;
  4338. if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
  4339. goto err;
  4340. if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen)))
  4341. goto err;
  4342. } else {
  4343. /* We used a bad key. We expect a failure here */
  4344. if (!TEST_false(ret))
  4345. goto err;
  4346. }
  4347. testresult = 1;
  4348. err:
  4349. EVP_MD_CTX_free(ctx);
  4350. OPENSSL_free(mac);
  4351. EVP_PKEY_free(pkey);
  4352. ENGINE_finish(e);
  4353. ENGINE_free(e);
  4354. return testresult;
  4355. }
  4356. static int test_cipher_with_engine(void)
  4357. {
  4358. ENGINE *e;
  4359. const char *engine_id = "dasync";
  4360. const unsigned char keyiv[] = {
  4361. 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
  4362. 0x0c, 0x0d, 0x0e, 0x0f
  4363. };
  4364. const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
  4365. int testresult = 0;
  4366. EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL;
  4367. unsigned char buf[AES_BLOCK_SIZE];
  4368. int len = 0;
  4369. if (!TEST_ptr(e = ENGINE_by_id(engine_id)))
  4370. return 0;
  4371. if (!TEST_true(ENGINE_init(e))) {
  4372. ENGINE_free(e);
  4373. return 0;
  4374. }
  4375. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  4376. || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new()))
  4377. goto err;
  4378. if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv)))
  4379. goto err;
  4380. /* Copy the ctx, and complete the operation with the new ctx */
  4381. if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx)))
  4382. goto err;
  4383. if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg)))
  4384. || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len)))
  4385. goto err;
  4386. testresult = 1;
  4387. err:
  4388. EVP_CIPHER_CTX_free(ctx);
  4389. EVP_CIPHER_CTX_free(ctx2);
  4390. ENGINE_finish(e);
  4391. ENGINE_free(e);
  4392. return testresult;
  4393. }
  4394. # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
  4395. #endif /* OPENSSL_NO_DEPRECATED_3_0 */
  4396. #ifndef OPENSSL_NO_ECX
  4397. static int ecxnids[] = {
  4398. NID_X25519,
  4399. NID_X448,
  4400. NID_ED25519,
  4401. NID_ED448
  4402. };
  4403. /* Test that creating ECX keys with a short private key fails as expected */
  4404. static int test_ecx_short_keys(int tst)
  4405. {
  4406. unsigned char ecxkeydata = 1;
  4407. EVP_PKEY *pkey;
  4408. pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]),
  4409. NULL, &ecxkeydata, 1);
  4410. if (!TEST_ptr_null(pkey)) {
  4411. EVP_PKEY_free(pkey);
  4412. return 0;
  4413. }
  4414. return 1;
  4415. }
  4416. #endif
  4417. typedef enum OPTION_choice {
  4418. OPT_ERR = -1,
  4419. OPT_EOF = 0,
  4420. OPT_CONTEXT,
  4421. OPT_TEST_ENUM
  4422. } OPTION_CHOICE;
  4423. const OPTIONS *test_get_options(void)
  4424. {
  4425. static const OPTIONS options[] = {
  4426. OPT_TEST_OPTIONS_DEFAULT_USAGE,
  4427. { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" },
  4428. { NULL }
  4429. };
  4430. return options;
  4431. }
  4432. #ifndef OPENSSL_NO_ECX
  4433. /* Test that trying to sign with a public key errors out gracefully */
  4434. static int test_ecx_not_private_key(int tst)
  4435. {
  4436. EVP_PKEY *pkey = NULL;
  4437. const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 };
  4438. int testresult = 0;
  4439. EVP_MD_CTX *ctx = NULL;
  4440. unsigned char *mac = NULL;
  4441. size_t maclen = 0;
  4442. unsigned char *pubkey;
  4443. size_t pubkeylen;
  4444. switch (keys[tst].type) {
  4445. case NID_X25519:
  4446. case NID_X448:
  4447. return TEST_skip("signing not supported for X25519/X448");
  4448. }
  4449. /* Check if this algorithm supports public keys */
  4450. if (keys[tst].pub == NULL)
  4451. return TEST_skip("no public key present");
  4452. pubkey = (unsigned char *)keys[tst].pub;
  4453. pubkeylen = strlen(keys[tst].pub);
  4454. pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type),
  4455. NULL, pubkey, pubkeylen);
  4456. if (!TEST_ptr(pkey))
  4457. goto err;
  4458. if (!TEST_ptr(ctx = EVP_MD_CTX_new()))
  4459. goto err;
  4460. if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1)
  4461. goto check_err;
  4462. if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1)
  4463. goto check_err;
  4464. if (!TEST_ptr(mac = OPENSSL_malloc(maclen)))
  4465. goto err;
  4466. if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0))
  4467. goto err;
  4468. check_err:
  4469. /*
  4470. * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
  4471. * but we relax the check to allow error also thrown by
  4472. * EVP_DigestSignInit and EVP_DigestSign.
  4473. */
  4474. if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) {
  4475. testresult = 1;
  4476. ERR_clear_error();
  4477. }
  4478. err:
  4479. EVP_MD_CTX_free(ctx);
  4480. OPENSSL_free(mac);
  4481. EVP_PKEY_free(pkey);
  4482. return testresult;
  4483. }
  4484. #endif /* OPENSSL_NO_ECX */
  4485. static int test_sign_continuation(void)
  4486. {
  4487. OSSL_PROVIDER *fake_rsa = NULL;
  4488. int testresult = 0;
  4489. EVP_PKEY *pkey = NULL;
  4490. EVP_PKEY_CTX *pctx = NULL;
  4491. EVP_MD_CTX *mctx = NULL;
  4492. const char sigbuf[] = "To Be Signed";
  4493. unsigned char signature[256];
  4494. size_t siglen = 256;
  4495. static int nodupnum = 1;
  4496. static const OSSL_PARAM nodup_params[] = {
  4497. OSSL_PARAM_int("NO_DUP", &nodupnum),
  4498. OSSL_PARAM_END
  4499. };
  4500. if (!TEST_ptr(fake_rsa = fake_rsa_start(testctx)))
  4501. return 0;
  4502. /* Construct a pkey using precise propq to use our provider */
  4503. if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA",
  4504. "provider=fake-rsa"))
  4505. || !TEST_true(EVP_PKEY_fromdata_init(pctx))
  4506. || !TEST_true(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, NULL))
  4507. || !TEST_ptr(pkey))
  4508. goto end;
  4509. /* First test it continues (classic behavior) */
  4510. if (!TEST_ptr(mctx = EVP_MD_CTX_new())
  4511. || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
  4512. NULL, pkey, NULL))
  4513. || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
  4514. || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
  4515. || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
  4516. || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen)))
  4517. goto end;
  4518. EVP_MD_CTX_free(mctx);
  4519. /* try again but failing the continuation */
  4520. if (!TEST_ptr(mctx = EVP_MD_CTX_new())
  4521. || !TEST_true(EVP_DigestSignInit_ex(mctx, NULL, NULL, testctx,
  4522. NULL, pkey, nodup_params))
  4523. || !TEST_true(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
  4524. || !TEST_true(EVP_DigestSignFinal(mctx, signature, &siglen))
  4525. || !TEST_false(EVP_DigestSignUpdate(mctx, sigbuf, sizeof(sigbuf)))
  4526. || !TEST_false(EVP_DigestSignFinal(mctx, signature, &siglen)))
  4527. goto end;
  4528. testresult = 1;
  4529. end:
  4530. EVP_MD_CTX_free(mctx);
  4531. EVP_PKEY_free(pkey);
  4532. EVP_PKEY_CTX_free(pctx);
  4533. fake_rsa_finish(fake_rsa);
  4534. return testresult;
  4535. }
  4536. static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s,
  4537. const unsigned char *gcm_iv, size_t gcm_ivlen,
  4538. const unsigned char *gcm_pt, size_t gcm_pt_s,
  4539. const unsigned char *gcm_aad, size_t gcm_aad_s,
  4540. const unsigned char *gcm_ct, size_t gcm_ct_s,
  4541. const unsigned char *gcm_tag, size_t gcm_tag_s)
  4542. {
  4543. int ret = 0;
  4544. EVP_CIPHER_CTX *ctx;
  4545. EVP_CIPHER *cipher = NULL;
  4546. int outlen, tmplen;
  4547. unsigned char outbuf[1024];
  4548. unsigned char outtag[16];
  4549. OSSL_PARAM params[2] = {
  4550. OSSL_PARAM_END, OSSL_PARAM_END
  4551. };
  4552. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  4553. || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")))
  4554. goto err;
  4555. params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
  4556. &gcm_ivlen);
  4557. if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
  4558. || (gcm_aad != NULL
  4559. && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen,
  4560. gcm_aad, gcm_aad_s)))
  4561. || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
  4562. gcm_pt, gcm_pt_s))
  4563. || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
  4564. goto err;
  4565. params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
  4566. outtag, sizeof(outtag));
  4567. if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params))
  4568. || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s)
  4569. || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s))
  4570. goto err;
  4571. ret = 1;
  4572. err:
  4573. EVP_CIPHER_free(cipher);
  4574. EVP_CIPHER_CTX_free(ctx);
  4575. return ret;
  4576. }
  4577. static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s,
  4578. const unsigned char *gcm_iv, size_t gcm_ivlen,
  4579. const unsigned char *gcm_pt, size_t gcm_pt_s,
  4580. const unsigned char *gcm_aad, size_t gcm_aad_s,
  4581. const unsigned char *gcm_ct, size_t gcm_ct_s,
  4582. const unsigned char *gcm_tag, size_t gcm_tag_s)
  4583. {
  4584. int ret = 0;
  4585. EVP_CIPHER_CTX *ctx;
  4586. EVP_CIPHER *cipher = NULL;
  4587. int outlen;
  4588. unsigned char outbuf[1024];
  4589. OSSL_PARAM params[2] = {
  4590. OSSL_PARAM_END, OSSL_PARAM_END
  4591. };
  4592. if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
  4593. goto err;
  4594. if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL)
  4595. goto err;
  4596. params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN,
  4597. &gcm_ivlen);
  4598. if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params))
  4599. || (gcm_aad != NULL
  4600. && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen,
  4601. gcm_aad, gcm_aad_s)))
  4602. || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
  4603. gcm_ct, gcm_ct_s))
  4604. || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s))
  4605. goto err;
  4606. params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG,
  4607. (void*)gcm_tag, gcm_tag_s);
  4608. if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))
  4609. ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen)))
  4610. goto err;
  4611. ret = 1;
  4612. err:
  4613. EVP_CIPHER_free(cipher);
  4614. EVP_CIPHER_CTX_free(ctx);
  4615. return ret;
  4616. }
  4617. static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
  4618. {
  4619. /* AES-GCM test data obtained from NIST public test vectors */
  4620. static const unsigned char gcm_key[] = {
  4621. 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
  4622. 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
  4623. 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
  4624. };
  4625. static const unsigned char gcm_iv[] = {
  4626. 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
  4627. 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
  4628. 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
  4629. 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
  4630. 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
  4631. 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
  4632. 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
  4633. 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
  4634. 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
  4635. 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
  4636. 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
  4637. };
  4638. static const unsigned char gcm_pt[] = {
  4639. 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
  4640. 0x4f, 0xe3, 0x6f, 0x81,
  4641. };
  4642. static const unsigned char gcm_ct[] = {
  4643. 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
  4644. 0xe2, 0xd0, 0xec, 0xed,
  4645. };
  4646. static const unsigned char gcm_tag[] = {
  4647. 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
  4648. 0xdb, 0x99, 0x6c, 0x21,
  4649. };
  4650. return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
  4651. gcm_pt, sizeof(gcm_pt), NULL, 0,
  4652. gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag))
  4653. && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv),
  4654. gcm_pt, sizeof(gcm_pt), NULL, 0,
  4655. gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag));
  4656. }
  4657. #ifndef OPENSSL_NO_RC4
  4658. static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s,
  4659. const unsigned char *rc4_pt, size_t rc4_pt_s,
  4660. const unsigned char *rc4_ct, size_t rc4_ct_s)
  4661. {
  4662. int ret = 0;
  4663. EVP_CIPHER_CTX *ctx;
  4664. EVP_CIPHER *cipher = NULL;
  4665. int outlen, tmplen;
  4666. unsigned char outbuf[1024];
  4667. OSSL_PARAM params[2] = {
  4668. OSSL_PARAM_END, OSSL_PARAM_END
  4669. };
  4670. if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())
  4671. || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", "")))
  4672. goto err;
  4673. params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
  4674. &rc4_key_s);
  4675. if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
  4676. || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen,
  4677. rc4_pt, rc4_pt_s))
  4678. || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen)))
  4679. goto err;
  4680. if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s))
  4681. goto err;
  4682. ret = 1;
  4683. err:
  4684. EVP_CIPHER_free(cipher);
  4685. EVP_CIPHER_CTX_free(ctx);
  4686. return ret;
  4687. }
  4688. static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s,
  4689. const unsigned char *rc4_pt, size_t rc4_pt_s,
  4690. const unsigned char *rc4_ct, size_t rc4_ct_s)
  4691. {
  4692. int ret = 0;
  4693. EVP_CIPHER_CTX *ctx;
  4694. EVP_CIPHER *cipher = NULL;
  4695. int outlen;
  4696. unsigned char outbuf[1024];
  4697. OSSL_PARAM params[2] = {
  4698. OSSL_PARAM_END, OSSL_PARAM_END
  4699. };
  4700. if ((ctx = EVP_CIPHER_CTX_new()) == NULL)
  4701. goto err;
  4702. if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL)
  4703. goto err;
  4704. params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN,
  4705. &rc4_key_s);
  4706. if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params))
  4707. || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen,
  4708. rc4_ct, rc4_ct_s))
  4709. || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s))
  4710. goto err;
  4711. ret = 1;
  4712. err:
  4713. EVP_CIPHER_free(cipher);
  4714. EVP_CIPHER_CTX_free(ctx);
  4715. return ret;
  4716. }
  4717. static int test_aes_rc4_keylen_change_cve_2023_5363(void)
  4718. {
  4719. /* RC4 test data obtained from RFC 6229 */
  4720. static const struct {
  4721. unsigned char key[5];
  4722. unsigned char padding[11];
  4723. } rc4_key = {
  4724. { /* Five bytes of key material */
  4725. 0x83, 0x32, 0x22, 0x77, 0x2a,
  4726. },
  4727. { /* Random padding to 16 bytes */
  4728. 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
  4729. }
  4730. };
  4731. static const unsigned char rc4_pt[] = {
  4732. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  4733. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
  4734. };
  4735. static const unsigned char rc4_ct[] = {
  4736. 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
  4737. 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
  4738. };
  4739. if (lgcyprov == NULL)
  4740. return TEST_skip("Test requires legacy provider to be loaded");
  4741. return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key),
  4742. rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct))
  4743. && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key),
  4744. rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct));
  4745. }
  4746. #endif
  4747. int setup_tests(void)
  4748. {
  4749. OPTION_CHOICE o;
  4750. while ((o = opt_next()) != OPT_EOF) {
  4751. switch (o) {
  4752. case OPT_CONTEXT:
  4753. /* Set up an alternate library context */
  4754. testctx = OSSL_LIB_CTX_new();
  4755. if (!TEST_ptr(testctx))
  4756. return 0;
  4757. /* Swap the libctx to test non-default context only */
  4758. nullprov = OSSL_PROVIDER_load(NULL, "null");
  4759. deflprov = OSSL_PROVIDER_load(testctx, "default");
  4760. #ifndef OPENSSL_SYS_TANDEM
  4761. lgcyprov = OSSL_PROVIDER_load(testctx, "legacy");
  4762. #endif
  4763. break;
  4764. case OPT_TEST_CASES:
  4765. break;
  4766. default:
  4767. return 0;
  4768. }
  4769. }
  4770. ADD_TEST(test_EVP_set_default_properties);
  4771. ADD_ALL_TESTS(test_EVP_DigestSignInit, 30);
  4772. ADD_TEST(test_EVP_DigestVerifyInit);
  4773. #ifndef OPENSSL_NO_SIPHASH
  4774. ADD_TEST(test_siphash_digestsign);
  4775. #endif
  4776. ADD_TEST(test_EVP_Digest);
  4777. ADD_TEST(test_EVP_md_null);
  4778. ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
  4779. #ifndef OPENSSL_NO_DEPRECATED_3_0
  4780. ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2);
  4781. #endif
  4782. ADD_ALL_TESTS(test_EVP_Enveloped, 2);
  4783. ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
  4784. ADD_TEST(test_privatekey_to_pkcs8);
  4785. ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag);
  4786. #ifndef OPENSSL_NO_EC
  4787. ADD_TEST(test_EVP_PKCS82PKEY);
  4788. #endif
  4789. #ifndef OPENSSL_NO_EC
  4790. ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings));
  4791. #endif
  4792. #if !defined(OPENSSL_NO_SM2)
  4793. ADD_TEST(test_EVP_SM2);
  4794. ADD_TEST(test_EVP_SM2_verify);
  4795. #endif
  4796. ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys));
  4797. #ifndef OPENSSL_NO_DEPRECATED_3_0
  4798. custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0);
  4799. if (!TEST_ptr(custom_pmeth))
  4800. return 0;
  4801. EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check);
  4802. EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check);
  4803. EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check);
  4804. if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1))
  4805. return 0;
  4806. #endif
  4807. ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata));
  4808. #ifndef OPENSSL_NO_CMAC
  4809. ADD_TEST(test_CMAC_keygen);
  4810. #endif
  4811. ADD_TEST(test_HKDF);
  4812. ADD_TEST(test_emptyikm_HKDF);
  4813. #ifndef OPENSSL_NO_EC
  4814. ADD_TEST(test_X509_PUBKEY_inplace);
  4815. ADD_TEST(test_X509_PUBKEY_dup);
  4816. ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode,
  4817. OSSL_NELEM(ec_der_pub_keys));
  4818. #endif
  4819. #ifndef OPENSSL_NO_DSA
  4820. ADD_TEST(test_DSA_get_set_params);
  4821. ADD_TEST(test_DSA_priv_pub);
  4822. #endif
  4823. ADD_TEST(test_RSA_get_set_params);
  4824. ADD_TEST(test_RSA_OAEP_set_get_params);
  4825. ADD_TEST(test_RSA_OAEP_set_null_label);
  4826. #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
  4827. ADD_TEST(test_decrypt_null_chunks);
  4828. #endif
  4829. #ifndef OPENSSL_NO_DH
  4830. ADD_TEST(test_DH_priv_pub);
  4831. # ifndef OPENSSL_NO_DEPRECATED_3_0
  4832. ADD_TEST(test_EVP_PKEY_set1_DH);
  4833. # endif
  4834. #endif
  4835. #ifndef OPENSSL_NO_EC
  4836. ADD_TEST(test_EC_priv_pub);
  4837. ADD_TEST(test_evp_get_ec_pub);
  4838. # ifndef OPENSSL_NO_DEPRECATED_3_0
  4839. ADD_TEST(test_EC_priv_only_legacy);
  4840. ADD_TEST(test_evp_get_ec_pub_legacy);
  4841. # endif
  4842. #endif
  4843. ADD_ALL_TESTS(test_keygen_with_empty_template, 2);
  4844. ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2);
  4845. ADD_TEST(test_rand_agglomeration);
  4846. ADD_ALL_TESTS(test_evp_iv_aes, 12);
  4847. #ifndef OPENSSL_NO_DES
  4848. ADD_ALL_TESTS(test_evp_iv_des, 6);
  4849. #endif
  4850. #ifndef OPENSSL_NO_BF
  4851. ADD_ALL_TESTS(test_evp_bf_default_keylen, 4);
  4852. #endif
  4853. ADD_TEST(test_EVP_rsa_pss_with_keygen_bits);
  4854. ADD_TEST(test_EVP_rsa_pss_set_saltlen);
  4855. #ifndef OPENSSL_NO_EC
  4856. ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids));
  4857. #endif
  4858. ADD_TEST(test_names_do_all);
  4859. ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests));
  4860. ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests));
  4861. ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests));
  4862. ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests));
  4863. ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers));
  4864. if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0)
  4865. ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1);
  4866. #ifndef OPENSSL_NO_DEPRECATED_3_0
  4867. ADD_ALL_TESTS(test_custom_pmeth, 12);
  4868. ADD_TEST(test_evp_md_cipher_meth);
  4869. ADD_TEST(test_custom_md_meth);
  4870. ADD_TEST(test_custom_ciph_meth);
  4871. # ifndef OPENSSL_NO_DYNAMIC_ENGINE
  4872. /* Tests only support the default libctx */
  4873. if (testctx == NULL) {
  4874. # ifndef OPENSSL_NO_EC
  4875. ADD_ALL_TESTS(test_signatures_with_engine, 3);
  4876. # else
  4877. ADD_ALL_TESTS(test_signatures_with_engine, 2);
  4878. # endif
  4879. ADD_TEST(test_cipher_with_engine);
  4880. }
  4881. # endif
  4882. #endif
  4883. #ifndef OPENSSL_NO_ECX
  4884. ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids));
  4885. ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys));
  4886. #endif
  4887. ADD_TEST(test_sign_continuation);
  4888. /* Test cases for CVE-2023-5363 */
  4889. ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363);
  4890. #ifndef OPENSSL_NO_RC4
  4891. ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363);
  4892. #endif
  4893. return 1;
  4894. }
  4895. void cleanup_tests(void)
  4896. {
  4897. OSSL_PROVIDER_unload(nullprov);
  4898. OSSL_PROVIDER_unload(deflprov);
  4899. #ifndef OPENSSL_SYS_TANDEM
  4900. OSSL_PROVIDER_unload(lgcyprov);
  4901. #endif
  4902. OSSL_LIB_CTX_free(testctx);
  4903. }