1/* 2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10/* We need to use some deprecated APIs */ 11#define OPENSSL_SUPPRESS_DEPRECATED 12 13#include <stdio.h> 14#include <stdlib.h> 15#include <string.h> 16#include <openssl/bio.h> 17#include <openssl/conf.h> 18#include <openssl/crypto.h> 19#include <openssl/err.h> 20#include <openssl/evp.h> 21#include <openssl/x509.h> 22#include <openssl/pem.h> 23#include <openssl/kdf.h> 24#include <openssl/provider.h> 25#include <openssl/core_names.h> 26#include <openssl/params.h> 27#include <openssl/param_build.h> 28#include <openssl/dsa.h> 29#include <openssl/dh.h> 30#include <openssl/aes.h> 31#include <openssl/decoder.h> 32#include <openssl/rsa.h> 33#include <openssl/engine.h> 34#include <openssl/proverr.h> 35#include "testutil.h" 36#include "internal/nelem.h" 37#include "internal/sizes.h" 38#include "crypto/evp.h" 39 40#ifdef STATIC_LEGACY 41OSSL_provider_init_fn ossl_legacy_provider_init; 42#endif 43 44static OSSL_LIB_CTX *testctx = NULL; 45static char *testpropq = NULL; 46 47static OSSL_PROVIDER *nullprov = NULL; 48static OSSL_PROVIDER *deflprov = NULL; 49static OSSL_PROVIDER *lgcyprov = NULL; 50 51/* 52 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 53 * should never use this key anywhere but in an example. 54 */ 55static const unsigned char kExampleRSAKeyDER[] = { 56 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 57 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 58 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 59 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 60 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 61 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 62 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 63 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 64 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 65 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 66 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 67 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 68 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 69 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 70 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 71 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 72 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 73 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 74 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 75 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 76 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 77 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 78 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 79 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 80 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 81 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 82 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 83 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 84 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 85 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 86 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 87 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 88 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 89 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 90 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 91 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 92 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 93 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 94 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 95 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 96 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 97 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 98 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 99 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 100 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 101 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 102 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 103 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 104 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 105 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 106 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 107}; 108 109/* 110* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you 111 * should never use this key anywhere but in an example. 112 */ 113#ifndef OPENSSL_NO_DSA 114static const unsigned char kExampleDSAKeyDER[] = { 115 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a, 116 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d, 117 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f, 118 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42, 119 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38, 120 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e, 121 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e, 122 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04, 123 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4, 124 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b, 125 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14, 126 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e, 127 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3, 128 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef, 129 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f, 130 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef, 131 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38, 132 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f, 133 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4, 134 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d, 135 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86, 136 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6, 137 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a, 138 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19, 139 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff, 140 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f, 141 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0, 142 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69, 143 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07, 144 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9, 145 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79, 146 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f, 147 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c, 148 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12, 149 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45, 150 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8, 151 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe, 152 0x40, 0x48 153}; 154#endif 155 156/* 157 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 158 * components are not correct. 159 */ 160static const unsigned char kExampleBadRSAKeyDER[] = { 161 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 162 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 163 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 164 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 165 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 166 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 167 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 168 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 169 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 170 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 171 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 172 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 173 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 174 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 175 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 176 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 177 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 178 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 179 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 180 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 181 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 182 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 183 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 184 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 185 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 186 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 187 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 188 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 189 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 190 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 191 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 192 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 193 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 194 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 195 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 196 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 197 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 198 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 199 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 200 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 201 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 202 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 203 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 204 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 205 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 206 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 207 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 208 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 209 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 210 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 211 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 212 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 213 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 214 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 215 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 216 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 217 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 218 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 219 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 220 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 221 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 222 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 223 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 224 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 225 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 226 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 227 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 228 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 229 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 230 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 231 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 232 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 233 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 234 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 235 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 236 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 237 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 238 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 239 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 240 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 241 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 242 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 243 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 244 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 245 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 246 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 247 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 248 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 249 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 250}; 251 252/* 253 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All 254 * values are 0. 255 */ 256static const unsigned char kExampleBad2RSAKeyDER[] = { 257 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 258 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 259 0x01, 0x00, 0x02, 0x01, 0x00 260}; 261 262static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 263 264static const unsigned char kSignature[] = { 265 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 266 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 267 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 268 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 269 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 270 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 271 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 272 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 273 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 274 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 275 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 276}; 277 278/* 279 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 280 * PrivateKeyInfo. 281 */ 282static const unsigned char kExampleRSAKeyPKCS8[] = { 283 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 284 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 285 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 286 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 287 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 288 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 289 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 290 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 291 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 292 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 293 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 294 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 295 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 296 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 297 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 298 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 299 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 300 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 301 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 302 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 303 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 304 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 305 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 306 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 307 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 308 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 309 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 310 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 311 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 312 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 313 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 314 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 315 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 316 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 317 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 318 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 319 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 320 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 321 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 322 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 323 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 324 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 325 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 326 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 327 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 328 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 329 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 330 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 331 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 332 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 333 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 334 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 335 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 336}; 337 338#ifndef OPENSSL_NO_EC 339/* 340 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 341 * structure. 342 */ 343static const unsigned char kExampleECKeyDER[] = { 344 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 345 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 346 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 347 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 348 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 349 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 350 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 351 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 352 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 353 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 354 0xc1, 355}; 356 357/* 358 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 359 * structure. The private key is equal to the order and will fail to import 360 */ 361static const unsigned char kExampleBadECKeyDER[] = { 362 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 363 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 364 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 365 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 366 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 367 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 368 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 369 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 370 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 371}; 372 373/* prime256v1 */ 374static const unsigned char kExampleECPubKeyDER[] = { 375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 376 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 383}; 384 385/* 386 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 387 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 388 */ 389static const unsigned char kExampleBadECPubKeyDER[] = { 390 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 391 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 392 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 393 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 394 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 395 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 396 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 397 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 398}; 399 400static const unsigned char pExampleECParamDER[] = { 401 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 402}; 403 404static const unsigned char kExampleED25519KeyDER[] = { 405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 406 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, 407 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46, 408 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50 409}; 410 411static const unsigned char kExampleED25519PubKeyDER[] = { 412 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 413 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45, 414 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40, 415 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 416}; 417 418# ifndef OPENSSL_NO_DEPRECATED_3_0 419static const unsigned char kExampleX25519KeyDER[] = { 420 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 421 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 422 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 423 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e 424}; 425# endif 426#endif 427 428/* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */ 429#ifndef OPENSSL_NO_DEPRECATED_3_0 430# ifndef OPENSSL_NO_DH 431static const unsigned char kExampleDHKeyDER[] = { 432 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 433 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 434 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d, 435 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e, 436 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63, 437 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81, 438 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f, 439 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53, 440 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53, 441 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f, 442 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74, 443 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34, 444 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53, 445 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3, 446 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a, 447 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9, 448 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0, 449 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48, 450 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1, 451 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43, 452 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f, 453 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f, 454 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97, 455 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 456 0x2e, 0x87, 0x2a, 0x0b, 0x7a 457}; 458# endif 459#endif 460 461static const unsigned char kCFBDefaultKey[] = { 462 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 463 0x09, 0xCF, 0x4F, 0x3C 464}; 465 466static const unsigned char kGCMDefaultKey[32] = { 0 }; 467 468static const unsigned char kGCMResetKey[] = { 469 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 470 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 471 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 472}; 473 474static const unsigned char iCFBIV[] = { 475 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 476 0x0C, 0x0D, 0x0E, 0x0F 477}; 478 479static const unsigned char iGCMDefaultIV[12] = { 0 }; 480 481static const unsigned char iGCMResetIV1[] = { 482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 483}; 484 485static const unsigned char iGCMResetIV2[] = { 486 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 487}; 488 489static const unsigned char cfbPlaintext[] = { 490 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 491 0x73, 0x93, 0x17, 0x2A 492}; 493static const unsigned char cfbPlaintext_partial[] = { 494 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 495 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 496}; 497 498static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 499 500static const unsigned char gcmResetPlaintext[] = { 501 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 502 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 503 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 504 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 505 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 506}; 507 508static const unsigned char cfbCiphertext[] = { 509 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 510 0xE8, 0x3C, 0xFB, 0x4A 511}; 512 513static const unsigned char cfbCiphertext_partial[] = { 514 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 515 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 516}; 517 518static const unsigned char ofbCiphertext_partial[] = { 519 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 520 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 521}; 522 523static const unsigned char gcmDefaultCiphertext[] = { 524 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 525 0xba, 0xf3, 0x9d, 0x18 526}; 527 528static const unsigned char gcmResetCiphertext1[] = { 529 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 530 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 531 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 532 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 533 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 534}; 535 536static const unsigned char gcmResetCiphertext2[] = { 537 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 538 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 539 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 540 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 541 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 542}; 543 544static const unsigned char gcmAAD[] = { 545 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 546 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 547}; 548 549static const unsigned char gcmDefaultTag[] = { 550 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 551 0xd4, 0x8a, 0xb9, 0x19 552}; 553 554static const unsigned char gcmResetTag1[] = { 555 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 556 0xfe, 0x2e, 0xa8, 0xf2 557}; 558 559static const unsigned char gcmResetTag2[] = { 560 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 561 0xbb, 0x2d, 0x55, 0x1b 562}; 563 564typedef struct APK_DATA_st { 565 const unsigned char *kder; 566 size_t size; 567 const char *keytype; 568 int evptype; 569 int check; 570 int pub_check; 571 int param_check; 572 int type; /* 0 for private, 1 for public, 2 for params */ 573} APK_DATA; 574 575static APK_DATA keydata[] = { 576 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA}, 577 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA}, 578#ifndef OPENSSL_NO_EC 579 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC} 580#endif 581}; 582 583static APK_DATA keycheckdata[] = { 584 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 585 0}, 586 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, 587 0, 1, 1, 0}, 588 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, 589 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0}, 590#ifndef OPENSSL_NO_EC 591 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0}, 592 /* group is also associated in our pub key */ 593 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 594 1, 1}, 595 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 596 2}, 597 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", 598 EVP_PKEY_ED25519, 1, 1, 1, 0}, 599 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", 600 EVP_PKEY_ED25519, 0, 1, 1, 1}, 601#endif 602}; 603 604static EVP_PKEY *load_example_key(const char *keytype, 605 const unsigned char *data, size_t data_len) 606{ 607 const unsigned char **pdata = &data; 608 EVP_PKEY *pkey = NULL; 609 OSSL_DECODER_CTX *dctx = 610 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, 611 testctx, testpropq); 612 613 /* |pkey| will be NULL on error */ 614 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); 615 OSSL_DECODER_CTX_free(dctx); 616 return pkey; 617} 618 619static EVP_PKEY *load_example_rsa_key(void) 620{ 621 return load_example_key("RSA", kExampleRSAKeyDER, 622 sizeof(kExampleRSAKeyDER)); 623} 624 625#ifndef OPENSSL_NO_DSA 626static EVP_PKEY *load_example_dsa_key(void) 627{ 628 return load_example_key("DSA", kExampleDSAKeyDER, 629 sizeof(kExampleDSAKeyDER)); 630} 631#endif 632 633#ifndef OPENSSL_NO_EC 634static EVP_PKEY *load_example_ec_key(void) 635{ 636 return load_example_key("EC", kExampleECKeyDER, 637 sizeof(kExampleECKeyDER)); 638} 639#endif 640 641#ifndef OPENSSL_NO_DEPRECATED_3_0 642# ifndef OPENSSL_NO_DH 643static EVP_PKEY *load_example_dh_key(void) 644{ 645 return load_example_key("DH", kExampleDHKeyDER, 646 sizeof(kExampleDHKeyDER)); 647} 648# endif 649 650# ifndef OPENSSL_NO_EC 651static EVP_PKEY *load_example_ed25519_key(void) 652{ 653 return load_example_key("ED25519", kExampleED25519KeyDER, 654 sizeof(kExampleED25519KeyDER)); 655} 656 657static EVP_PKEY *load_example_x25519_key(void) 658{ 659 return load_example_key("X25519", kExampleX25519KeyDER, 660 sizeof(kExampleX25519KeyDER)); 661} 662# endif 663#endif /* OPENSSL_NO_DEPRECATED_3_0 */ 664 665static EVP_PKEY *load_example_hmac_key(void) 666{ 667 EVP_PKEY *pkey = NULL; 668 unsigned char key[] = { 669 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 670 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 671 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 672 }; 673 674 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC", 675 NULL, key, sizeof(key)); 676 if (!TEST_ptr(pkey)) 677 return NULL; 678 679 return pkey; 680} 681 682static int test_EVP_set_default_properties(void) 683{ 684 OSSL_LIB_CTX *ctx; 685 EVP_MD *md = NULL; 686 int res = 0; 687 688 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) 689 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 690 goto err; 691 EVP_MD_free(md); 692 md = NULL; 693 694 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang")) 695 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) 696 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) 697 goto err; 698 EVP_MD_free(md); 699 md = NULL; 700 701 if (!TEST_true(EVP_set_default_properties(ctx, NULL)) 702 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 703 goto err; 704 res = 1; 705err: 706 EVP_MD_free(md); 707 OSSL_LIB_CTX_free(ctx); 708 return res; 709} 710 711#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 712static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params) 713{ 714 EVP_PKEY_CTX *pctx = NULL; 715 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL; 716 717 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) 718 goto err; 719 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 720 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, 721 params), 0)) 722 goto err; 723 724 if (!TEST_ptr(tmp_pkey)) 725 goto err; 726 727 pkey = tmp_pkey; 728 tmp_pkey = NULL; 729 err: 730 EVP_PKEY_free(tmp_pkey); 731 EVP_PKEY_CTX_free(pctx); 732 return pkey; 733} 734 735static int test_selection(EVP_PKEY *pkey, int selection) 736{ 737 int testresult = 0; 738 int ret; 739 BIO *bio = BIO_new(BIO_s_mem()); 740 741 ret = PEM_write_bio_PUBKEY(bio, pkey); 742 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 743 if (!TEST_true(ret)) 744 goto err; 745 } else { 746 if (!TEST_false(ret)) 747 goto err; 748 } 749 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, 750 testctx, NULL); 751 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 752 if (!TEST_true(ret)) 753 goto err; 754 } else { 755 if (!TEST_false(ret)) 756 goto err; 757 } 758 759 testresult = 1; 760 err: 761 BIO_free(bio); 762 763 return testresult; 764} 765#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */ 766 767/* 768 * Test combinations of private, public, missing and private + public key 769 * params to ensure they are all accepted 770 */ 771#if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) 772static int test_EVP_PKEY_ffc_priv_pub(char *keytype) 773{ 774 OSSL_PARAM_BLD *bld = NULL; 775 OSSL_PARAM *params = NULL; 776 EVP_PKEY *just_params = NULL; 777 EVP_PKEY *params_and_priv = NULL; 778 EVP_PKEY *params_and_pub = NULL; 779 EVP_PKEY *params_and_keypair = NULL; 780 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 781 int ret = 0; 782 783 /* 784 * Setup the parameters for our pkey object. For our purposes they don't 785 * have to actually be *valid* parameters. We just need to set something. 786 */ 787 if (!TEST_ptr(p = BN_new()) 788 || !TEST_ptr(q = BN_new()) 789 || !TEST_ptr(g = BN_new()) 790 || !TEST_ptr(pub = BN_new()) 791 || !TEST_ptr(priv = BN_new())) 792 goto err; 793 794 /* Test !priv and !pub */ 795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))) 799 goto err; 800 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 801 || !TEST_ptr(just_params = make_key_fromdata(keytype, params))) 802 goto err; 803 804 OSSL_PARAM_free(params); 805 OSSL_PARAM_BLD_free(bld); 806 params = NULL; 807 bld = NULL; 808 809 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 810 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 811 goto err; 812 813 /* Test priv and !pub */ 814 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 815 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 816 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 819 priv))) 820 goto err; 821 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 822 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params))) 823 goto err; 824 825 OSSL_PARAM_free(params); 826 OSSL_PARAM_BLD_free(bld); 827 params = NULL; 828 bld = NULL; 829 830 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY) 831 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 832 goto err; 833 834 /* Test !priv and pub */ 835 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 836 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 837 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 840 pub))) 841 goto err; 842 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 843 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params))) 844 goto err; 845 846 OSSL_PARAM_free(params); 847 OSSL_PARAM_BLD_free(bld); 848 params = NULL; 849 bld = NULL; 850 851 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 852 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 853 goto err; 854 855 /* Test priv and pub */ 856 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 857 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 858 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 860 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 861 pub)) 862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 863 priv))) 864 goto err; 865 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 866 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params))) 867 goto err; 868 869 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 870 goto err; 871 872 ret = 1; 873 err: 874 OSSL_PARAM_free(params); 875 OSSL_PARAM_BLD_free(bld); 876 EVP_PKEY_free(just_params); 877 EVP_PKEY_free(params_and_priv); 878 EVP_PKEY_free(params_and_pub); 879 EVP_PKEY_free(params_and_keypair); 880 BN_free(p); 881 BN_free(q); 882 BN_free(g); 883 BN_free(pub); 884 BN_free(priv); 885 886 return ret; 887} 888#endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */ 889 890/* 891 * Test combinations of private, public, missing and private + public key 892 * params to ensure they are all accepted for EC keys 893 */ 894#ifndef OPENSSL_NO_EC 895static unsigned char ec_priv[] = { 896 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23, 897 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5, 898 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16 899}; 900static unsigned char ec_pub[] = { 901 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97, 902 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81, 903 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d, 904 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e, 905 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1, 906 0x08, 0x09, 0xb8, 0xdb, 0x03 907}; 908 909static int test_EC_priv_pub(void) 910{ 911 OSSL_PARAM_BLD *bld = NULL; 912 OSSL_PARAM *params = NULL; 913 EVP_PKEY *just_params = NULL; 914 EVP_PKEY *params_and_priv = NULL; 915 EVP_PKEY *params_and_pub = NULL; 916 EVP_PKEY *params_and_keypair = NULL; 917 BIGNUM *priv = NULL; 918 int ret = 0; 919 unsigned char *encoded = NULL; 920 size_t len = 0; 921 unsigned char buffer[128]; 922 923 /* 924 * Setup the parameters for our pkey object. For our purposes they don't 925 * have to actually be *valid* parameters. We just need to set something. 926 */ 927 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 928 goto err; 929 930 /* Test !priv and !pub */ 931 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 932 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 933 OSSL_PKEY_PARAM_GROUP_NAME, 934 "P-256", 0))) 935 goto err; 936 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 937 || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 938 goto err; 939 940 OSSL_PARAM_free(params); 941 OSSL_PARAM_BLD_free(bld); 942 params = NULL; 943 bld = NULL; 944 945 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 946 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 947 goto err; 948 949 /* Test priv and !pub */ 950 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 951 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 952 OSSL_PKEY_PARAM_GROUP_NAME, 953 "P-256", 0)) 954 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 955 priv))) 956 goto err; 957 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 958 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) 959 goto err; 960 961 OSSL_PARAM_free(params); 962 OSSL_PARAM_BLD_free(bld); 963 params = NULL; 964 bld = NULL; 965 966 /* 967 * We indicate only parameters here, in spite of having built a key that 968 * has a private part, because the PEM_write_bio_PrivateKey_ex call is 969 * expected to fail because it does not support exporting a private EC 970 * key without a corresponding public key 971 */ 972 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 973 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 974 goto err; 975 976 /* Test !priv and pub */ 977 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 978 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 979 OSSL_PKEY_PARAM_GROUP_NAME, 980 "P-256", 0)) 981 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 982 OSSL_PKEY_PARAM_PUB_KEY, 983 ec_pub, sizeof(ec_pub)))) 984 goto err; 985 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 986 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) 987 goto err; 988 989 OSSL_PARAM_free(params); 990 OSSL_PARAM_BLD_free(bld); 991 params = NULL; 992 bld = NULL; 993 994 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 995 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 996 goto err; 997 998 /* Test priv and pub */ 999 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1000 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1001 OSSL_PKEY_PARAM_GROUP_NAME, 1002 "P-256", 0)) 1003 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1004 OSSL_PKEY_PARAM_PUB_KEY, 1005 ec_pub, sizeof(ec_pub))) 1006 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1007 priv))) 1008 goto err; 1009 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1010 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 1011 goto err; 1012 1013 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1014 goto err; 1015 1016 /* Try key equality */ 1017 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) 1018 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), 1019 0) 1020 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), 1021 0) 1022 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), 1023 0) 1024 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) 1025 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) 1026 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) 1027 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) 1028 goto err; 1029 1030 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ 1031 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) 1032 goto err; 1033 OPENSSL_free(encoded); 1034 encoded = NULL; 1035 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) { 1036 OPENSSL_free(encoded); 1037 encoded = NULL; 1038 goto err; 1039 } 1040 1041 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */ 1042 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1043 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1044 buffer, sizeof(buffer), &len), 1) 1045 || !TEST_int_eq(len, 65)) 1046 goto err; 1047 1048 len = 0; 1049 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1050 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1051 NULL, 0, &len), 1) 1052 || !TEST_int_eq(len, 65)) 1053 goto err; 1054 1055 /* too-short buffer len*/ 1056 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1057 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1058 buffer, 10, &len), 0)) 1059 goto err; 1060 1061 ret = 1; 1062 err: 1063 OSSL_PARAM_free(params); 1064 OSSL_PARAM_BLD_free(bld); 1065 EVP_PKEY_free(just_params); 1066 EVP_PKEY_free(params_and_priv); 1067 EVP_PKEY_free(params_and_pub); 1068 EVP_PKEY_free(params_and_keypair); 1069 BN_free(priv); 1070 1071 return ret; 1072} 1073 1074/* Test that using a legacy EC key with only a private key in it works */ 1075# ifndef OPENSSL_NO_DEPRECATED_3_0 1076static int test_EC_priv_only_legacy(void) 1077{ 1078 BIGNUM *priv = NULL; 1079 int ret = 0; 1080 EC_KEY *eckey = NULL; 1081 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 1082 EVP_MD_CTX *ctx = NULL; 1083 1084 /* Create the low level EC_KEY */ 1085 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1086 goto err; 1087 1088 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1089 if (!TEST_ptr(eckey)) 1090 goto err; 1091 1092 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1093 goto err; 1094 1095 pkey = EVP_PKEY_new(); 1096 if (!TEST_ptr(pkey)) 1097 goto err; 1098 1099 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1100 goto err; 1101 eckey = NULL; 1102 1103 while (dup_pk == NULL) { 1104 ret = 0; 1105 ctx = EVP_MD_CTX_new(); 1106 if (!TEST_ptr(ctx)) 1107 goto err; 1108 1109 /* 1110 * The EVP_DigestSignInit function should create the key on the 1111 * provider side which is sufficient for this test. 1112 */ 1113 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, 1114 testpropq, pkey, NULL))) 1115 goto err; 1116 EVP_MD_CTX_free(ctx); 1117 ctx = NULL; 1118 1119 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) 1120 goto err; 1121 /* EVP_PKEY_eq() returns -2 with missing public keys */ 1122 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2); 1123 EVP_PKEY_free(pkey); 1124 pkey = dup_pk; 1125 if (!ret) 1126 goto err; 1127 } 1128 1129 err: 1130 EVP_MD_CTX_free(ctx); 1131 EVP_PKEY_free(pkey); 1132 EC_KEY_free(eckey); 1133 BN_free(priv); 1134 1135 return ret; 1136} 1137# endif /* OPENSSL_NO_DEPRECATED_3_0 */ 1138#endif /* OPENSSL_NO_EC */ 1139 1140static int test_EVP_PKEY_sign(int tst) 1141{ 1142 int ret = 0; 1143 EVP_PKEY *pkey = NULL; 1144 unsigned char *sig = NULL; 1145 size_t sig_len = 0, shortsig_len = 1; 1146 EVP_PKEY_CTX *ctx = NULL; 1147 unsigned char tbs[] = { 1148 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1149 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1150 }; 1151 1152 if (tst == 0 ) { 1153 if (!TEST_ptr(pkey = load_example_rsa_key())) 1154 goto out; 1155 } else if (tst == 1) { 1156#ifndef OPENSSL_NO_DSA 1157 if (!TEST_ptr(pkey = load_example_dsa_key())) 1158 goto out; 1159#else 1160 ret = 1; 1161 goto out; 1162#endif 1163 } else { 1164#ifndef OPENSSL_NO_EC 1165 if (!TEST_ptr(pkey = load_example_ec_key())) 1166 goto out; 1167#else 1168 ret = 1; 1169 goto out; 1170#endif 1171 } 1172 1173 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1174 if (!TEST_ptr(ctx) 1175 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1176 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1177 sizeof(tbs)), 0)) 1178 goto out; 1179 sig = OPENSSL_malloc(sig_len); 1180 if (!TEST_ptr(sig) 1181 /* Test sending a signature buffer that is too short is rejected */ 1182 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1183 sizeof(tbs)), 0) 1184 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1185 0) 1186 /* Test the signature round-trips */ 1187 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1188 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1189 0)) 1190 goto out; 1191 1192 ret = 1; 1193 out: 1194 EVP_PKEY_CTX_free(ctx); 1195 OPENSSL_free(sig); 1196 EVP_PKEY_free(pkey); 1197 return ret; 1198} 1199 1200#ifndef OPENSSL_NO_DEPRECATED_3_0 1201static int test_EVP_PKEY_sign_with_app_method(int tst) 1202{ 1203 int ret = 0; 1204 EVP_PKEY *pkey = NULL; 1205 RSA *rsa = NULL; 1206 RSA_METHOD *rsa_meth = NULL; 1207#ifndef OPENSSL_NO_DSA 1208 DSA *dsa = NULL; 1209 DSA_METHOD *dsa_meth = NULL; 1210#endif 1211 unsigned char *sig = NULL; 1212 size_t sig_len = 0, shortsig_len = 1; 1213 EVP_PKEY_CTX *ctx = NULL; 1214 unsigned char tbs[] = { 1215 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1216 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1217 }; 1218 1219 if (tst == 0) { 1220 if (!TEST_ptr(pkey = load_example_rsa_key())) 1221 goto out; 1222 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) 1223 goto out; 1224 1225 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) 1226 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) 1227 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) 1228 goto out; 1229 rsa = NULL; /* now owned by the pkey */ 1230 } else { 1231#ifndef OPENSSL_NO_DSA 1232 if (!TEST_ptr(pkey = load_example_dsa_key())) 1233 goto out; 1234 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) 1235 goto out; 1236 1237 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) 1238 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) 1239 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) 1240 goto out; 1241 dsa = NULL; /* now owned by the pkey */ 1242#else 1243 ret = 1; 1244 goto out; 1245#endif 1246 } 1247 1248 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1249 if (!TEST_ptr(ctx) 1250 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1251 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1252 sizeof(tbs)), 0)) 1253 goto out; 1254 sig = OPENSSL_malloc(sig_len); 1255 if (!TEST_ptr(sig) 1256 /* Test sending a signature buffer that is too short is rejected */ 1257 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1258 sizeof(tbs)), 0) 1259 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1260 0) 1261 /* Test the signature round-trips */ 1262 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1263 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1264 0)) 1265 goto out; 1266 1267 ret = 1; 1268 out: 1269 EVP_PKEY_CTX_free(ctx); 1270 OPENSSL_free(sig); 1271 EVP_PKEY_free(pkey); 1272 RSA_free(rsa); 1273 RSA_meth_free(rsa_meth); 1274#ifndef OPENSSL_NO_DSA 1275 DSA_free(dsa); 1276 DSA_meth_free(dsa_meth); 1277#endif 1278 return ret; 1279} 1280#endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 1281 1282/* 1283 * n = 0 => test using legacy cipher 1284 * n = 1 => test using fetched cipher 1285 */ 1286static int test_EVP_Enveloped(int n) 1287{ 1288 int ret = 0; 1289 EVP_CIPHER_CTX *ctx = NULL; 1290 EVP_PKEY *keypair = NULL; 1291 unsigned char *kek = NULL; 1292 unsigned char iv[EVP_MAX_IV_LENGTH]; 1293 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 1294 int len, kek_len, ciphertext_len, plaintext_len; 1295 unsigned char ciphertext[32], plaintext[16]; 1296 EVP_CIPHER *type = NULL; 1297 1298 if (nullprov != NULL) 1299 return TEST_skip("Test does not support a non-default library context"); 1300 1301 if (n == 0) 1302 type = (EVP_CIPHER *)EVP_aes_256_cbc(); 1303 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", 1304 testpropq))) 1305 goto err; 1306 1307 if (!TEST_ptr(keypair = load_example_rsa_key()) 1308 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) 1309 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1310 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 1311 &keypair, 1)) 1312 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 1313 msg, sizeof(msg))) 1314 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 1315 &len))) 1316 goto err; 1317 1318 ciphertext_len += len; 1319 1320 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 1321 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 1322 ciphertext, ciphertext_len)) 1323 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 1324 goto err; 1325 1326 plaintext_len += len; 1327 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 1328 goto err; 1329 1330 ret = 1; 1331err: 1332 if (n != 0) 1333 EVP_CIPHER_free(type); 1334 OPENSSL_free(kek); 1335 EVP_PKEY_free(keypair); 1336 EVP_CIPHER_CTX_free(ctx); 1337 return ret; 1338} 1339 1340/* 1341 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA) 1342 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA) 1343 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC) 1344 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA) 1345 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA) 1346 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC) 1347 * Test 6: Use an MD BIO to do the Update calls instead (RSA) 1348 * Test 7: Use an MD BIO to do the Update calls instead (DSA) 1349 * Test 8: Use an MD BIO to do the Update calls instead (HMAC) 1350 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig) 1351 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig) 1352 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig) 1353 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) 1354 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) 1355 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) 1356 * Test 15-29: Same as above with reinitialization 1357 */ 1358static int test_EVP_DigestSignInit(int tst) 1359{ 1360 int ret = 0; 1361 EVP_PKEY *pkey = NULL; 1362 unsigned char *sig = NULL, *sig2 = NULL; 1363 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1; 1364 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; 1365 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; 1366 BIO *mdbio = NULL, *membio = NULL; 1367 size_t written; 1368 const EVP_MD *md; 1369 EVP_MD *mdexp = NULL; 1370 int reinit = 0; 1371 1372 if (nullprov != NULL) 1373 return TEST_skip("Test does not support a non-default library context"); 1374 1375 if (tst >= 15) { 1376 reinit = 1; 1377 tst -= 15; 1378 } 1379 1380 if (tst >= 6 && tst <= 8) { 1381 membio = BIO_new(BIO_s_mem()); 1382 mdbio = BIO_new(BIO_f_md()); 1383 if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) 1384 goto out; 1385 BIO_push(mdbio, membio); 1386 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) 1387 goto out; 1388 } else { 1389 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) 1390 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) 1391 goto out; 1392 } 1393 1394 if (tst % 3 == 0) { 1395 if (!TEST_ptr(pkey = load_example_rsa_key())) 1396 goto out; 1397 } else if (tst % 3 == 1) { 1398#ifndef OPENSSL_NO_DSA 1399 if (!TEST_ptr(pkey = load_example_dsa_key())) 1400 goto out; 1401#else 1402 ret = 1; 1403 goto out; 1404#endif 1405 } else { 1406 if (!TEST_ptr(pkey = load_example_hmac_key())) 1407 goto out; 1408 } 1409 1410 if (tst >= 3 && tst <= 5) 1411 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL); 1412 else 1413 md = EVP_sha256(); 1414 1415 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) 1416 goto out; 1417 1418 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) 1419 goto out; 1420 1421 if (tst >= 6 && tst <= 8) { 1422 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) 1423 goto out; 1424 } else if (tst < 6) { 1425 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1426 goto out; 1427 } 1428 1429 if (tst >= 9) { 1430 /* Determine the size of the signature. */ 1431 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, 1432 sizeof(kMsg))) 1433 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1434 goto out; 1435 if (tst <= 11) { 1436 /* Test that supply a short sig buffer fails */ 1437 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, 1438 sizeof(kMsg)))) 1439 goto out; 1440 /* 1441 * We end here because once EVP_DigestSign() has failed you should 1442 * not call it again without re-initing the ctx 1443 */ 1444 ret = 1; 1445 goto out; 1446 } 1447 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, 1448 sizeof(kMsg)))) 1449 goto out; 1450 } else { 1451 /* Determine the size of the signature. */ 1452 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1453 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1454 /* 1455 * Trying to create a signature with a deliberately short 1456 * buffer should fail. 1457 */ 1458 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) 1459 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1460 goto out; 1461 } 1462 1463 /* 1464 * Ensure that the signature round-trips (Verification isn't supported for 1465 * HMAC via EVP_DigestVerify*) 1466 */ 1467 if (tst % 3 != 2) { 1468 if (tst >= 6 && tst <= 8) { 1469 if (!TEST_int_gt(BIO_reset(mdbio), 0) 1470 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) 1471 goto out; 1472 } 1473 1474 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, 1475 NULL, pkey))) 1476 goto out; 1477 1478 if (tst >= 6 && tst <= 8) { 1479 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))) 1480 goto out; 1481 } else { 1482 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, 1483 sizeof(kMsg)))) 1484 goto out; 1485 } 1486 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1487 goto out; 1488 1489 /* Multiple calls to EVP_DigestVerifyFinal should work */ 1490 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1491 goto out; 1492 } else { 1493 /* 1494 * For HMAC a doubled call to DigestSignFinal should produce the same 1495 * value as finalization should not happen. 1496 */ 1497 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) 1498 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) 1499 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) 1500 goto out; 1501 1502 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) 1503 goto out; 1504 } 1505 1506 ret = 1; 1507 1508 out: 1509 BIO_free(membio); 1510 BIO_free(mdbio); 1511 EVP_MD_CTX_free(a_md_ctx); 1512 EVP_MD_CTX_free(a_md_ctx_verify); 1513 EVP_PKEY_free(pkey); 1514 OPENSSL_free(sig); 1515 OPENSSL_free(sig2); 1516 EVP_MD_free(mdexp); 1517 1518 return ret; 1519} 1520 1521static int test_EVP_DigestVerifyInit(void) 1522{ 1523 int ret = 0; 1524 EVP_PKEY *pkey = NULL; 1525 EVP_MD_CTX *md_ctx = NULL; 1526 1527 if (nullprov != NULL) 1528 return TEST_skip("Test does not support a non-default library context"); 1529 1530 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1531 || !TEST_ptr(pkey = load_example_rsa_key())) 1532 goto out; 1533 1534 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 1535 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 1536 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 1537 sizeof(kSignature)), 0)) 1538 goto out; 1539 1540 /* test with reinitialization */ 1541 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) 1542 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 1543 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 1544 sizeof(kSignature)), 0)) 1545 goto out; 1546 ret = 1; 1547 1548 out: 1549 EVP_MD_CTX_free(md_ctx); 1550 EVP_PKEY_free(pkey); 1551 return ret; 1552} 1553 1554#ifndef OPENSSL_NO_SIPHASH 1555/* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */ 1556static int test_siphash_digestsign(void) 1557{ 1558 unsigned char key[16]; 1559 unsigned char buf[8], digest[8]; 1560 unsigned char expected[8] = { 1561 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2 1562 }; 1563 EVP_PKEY *pkey = NULL; 1564 EVP_MD_CTX *mdctx = NULL; 1565 EVP_PKEY_CTX *ctx = NULL; 1566 int ret = 0; 1567 size_t len = 8; 1568 1569 if (nullprov != NULL) 1570 return TEST_skip("Test does not support a non-default library context"); 1571 1572 memset(buf, 0, 8); 1573 memset(key, 1, 16); 1574 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, 1575 key, 16))) 1576 goto out; 1577 1578 if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) 1579 goto out; 1580 1581 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) 1582 goto out; 1583 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, 1584 EVP_PKEY_CTRL_SET_DIGEST_SIZE, 1585 8, NULL), 1)) 1586 goto out; 1587 /* reinitialize */ 1588 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) 1589 goto out; 1590 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8))) 1591 goto out; 1592 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len))) 1593 goto out; 1594 if (!TEST_mem_eq(digest, len, expected, sizeof(expected))) 1595 goto out; 1596 1597 ret = 1; 1598 out: 1599 EVP_PKEY_free(pkey); 1600 EVP_MD_CTX_free(mdctx); 1601 return ret; 1602} 1603#endif 1604 1605/* 1606 * Test corner cases of EVP_DigestInit/Update/Final API call behavior. 1607 */ 1608static int test_EVP_Digest(void) 1609{ 1610 int ret = 0; 1611 EVP_MD_CTX *md_ctx = NULL; 1612 unsigned char md[EVP_MAX_MD_SIZE]; 1613 EVP_MD *sha256 = NULL; 1614 EVP_MD *shake256 = NULL; 1615 1616 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 1617 goto out; 1618 1619 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)) 1620 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) 1621 goto out; 1622 1623 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 1624 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1625 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) 1626 /* EVP_DigestFinal resets the EVP_MD_CTX. */ 1627 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) 1628 goto out; 1629 1630 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 1631 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1632 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) 1633 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ 1634 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 1635 /* 1636 * EVP_DigestInit_ex with NULL type should work on 1637 * pre-initialized context. 1638 */ 1639 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 1640 goto out; 1641 1642 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)) 1643 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1644 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) 1645 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */ 1646 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 1647 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 1648 goto out; 1649 ret = 1; 1650 1651 out: 1652 EVP_MD_CTX_free(md_ctx); 1653 EVP_MD_free(sha256); 1654 EVP_MD_free(shake256); 1655 return ret; 1656} 1657 1658static int test_EVP_md_null(void) 1659{ 1660 int ret = 0; 1661 EVP_MD_CTX *md_ctx = NULL; 1662 const EVP_MD *md_null = EVP_md_null(); 1663 unsigned char md_value[EVP_MAX_MD_SIZE]; 1664 unsigned int md_len = sizeof(md_value); 1665 1666 if (nullprov != NULL) 1667 return TEST_skip("Test does not support a non-default library context"); 1668 1669 if (!TEST_ptr(md_null) 1670 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())) 1671 goto out; 1672 1673 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL)) 1674 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4)) 1675 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len))) 1676 goto out; 1677 1678 if (!TEST_uint_eq(md_len, 0)) 1679 goto out; 1680 1681 ret = 1; 1682 out: 1683 EVP_MD_CTX_free(md_ctx); 1684 return ret; 1685} 1686 1687static int test_d2i_AutoPrivateKey(int i) 1688{ 1689 int ret = 0; 1690 const unsigned char *p; 1691 EVP_PKEY *pkey = NULL; 1692 const APK_DATA *ak = &keydata[i]; 1693 const unsigned char *input = ak->kder; 1694 size_t input_len = ak->size; 1695 int expected_id = ak->evptype; 1696 1697 p = input; 1698 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 1699 || !TEST_ptr_eq(p, input + input_len) 1700 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 1701 goto done; 1702 1703 ret = 1; 1704 1705 done: 1706 EVP_PKEY_free(pkey); 1707 return ret; 1708} 1709 1710#ifndef OPENSSL_NO_EC 1711 1712static const unsigned char ec_public_sect163k1_validxy[] = { 1713 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1714 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1715 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1716 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 1717 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1718 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 1719}; 1720 1721static const unsigned char ec_public_sect163k1_badx[] = { 1722 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1723 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1724 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1725 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 1726 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1727 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 1728}; 1729 1730static const unsigned char ec_public_sect163k1_bady[] = { 1731 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1732 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1733 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1734 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 1735 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1736 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 1737}; 1738 1739static struct ec_der_pub_keys_st { 1740 const unsigned char *der; 1741 size_t len; 1742 int valid; 1743} ec_der_pub_keys[] = { 1744 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, 1745 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, 1746 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, 1747}; 1748 1749/* 1750 * Tests the range of the decoded EC char2 public point. 1751 * See ec_GF2m_simple_oct2point(). 1752 */ 1753static int test_invalide_ec_char2_pub_range_decode(int id) 1754{ 1755 int ret = 0; 1756 EVP_PKEY *pkey; 1757 1758 pkey = load_example_key("EC", ec_der_pub_keys[id].der, 1759 ec_der_pub_keys[id].len); 1760 1761 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) 1762 || TEST_ptr_null(pkey); 1763 EVP_PKEY_free(pkey); 1764 return ret; 1765} 1766 1767/* Tests loading a bad key in PKCS8 format */ 1768static int test_EVP_PKCS82PKEY(void) 1769{ 1770 int ret = 0; 1771 const unsigned char *derp = kExampleBadECKeyDER; 1772 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 1773 EVP_PKEY *pkey = NULL; 1774 1775 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 1776 sizeof(kExampleBadECKeyDER)))) 1777 goto done; 1778 1779 if (!TEST_ptr_eq(derp, 1780 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 1781 goto done; 1782 1783 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 1784 goto done; 1785 1786 ret = 1; 1787 1788 done: 1789 PKCS8_PRIV_KEY_INFO_free(p8inf); 1790 EVP_PKEY_free(pkey); 1791 1792 return ret; 1793} 1794 1795#endif 1796static int test_EVP_PKCS82PKEY_wrong_tag(void) 1797{ 1798 EVP_PKEY *pkey = NULL; 1799 EVP_PKEY *pkey2 = NULL; 1800 BIO *membio = NULL; 1801 char *membuf = NULL; 1802 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 1803 int ok = 0; 1804 1805 if (testctx != NULL) 1806 /* test not supported with non-default context */ 1807 return 1; 1808 1809 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 1810 || !TEST_ptr(pkey = load_example_rsa_key()) 1811 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 1812 NULL, 0, NULL, NULL), 1813 0) 1814 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) 1815 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) 1816 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) 1817 || !TEST_int_eq(ERR_peek_last_error(), 0)) { 1818 goto done; 1819 } 1820 1821 ok = 1; 1822 done: 1823 EVP_PKEY_free(pkey); 1824 EVP_PKEY_free(pkey2); 1825 PKCS8_PRIV_KEY_INFO_free(p8inf); 1826 BIO_free_all(membio); 1827 return ok; 1828} 1829 1830/* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ 1831static int test_privatekey_to_pkcs8(void) 1832{ 1833 EVP_PKEY *pkey = NULL; 1834 BIO *membio = NULL; 1835 char *membuf = NULL; 1836 long membuf_len = 0; 1837 int ok = 0; 1838 1839 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 1840 || !TEST_ptr(pkey = load_example_rsa_key()) 1841 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 1842 NULL, 0, NULL, NULL), 1843 0) 1844 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) 1845 || !TEST_ptr(membuf) 1846 || !TEST_mem_eq(membuf, (size_t)membuf_len, 1847 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) 1848 /* 1849 * We try to write PEM as well, just to see that it doesn't err, but 1850 * assume that the result is correct. 1851 */ 1852 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, 1853 NULL, 0, NULL, NULL), 1854 0)) 1855 goto done; 1856 1857 ok = 1; 1858 done: 1859 EVP_PKEY_free(pkey); 1860 BIO_free_all(membio); 1861 return ok; 1862} 1863 1864#ifndef OPENSSL_NO_EC 1865static const struct { 1866 int encoding; 1867 const char *encoding_name; 1868} ec_encodings[] = { 1869 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, 1870 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } 1871}; 1872 1873static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) 1874{ 1875 const OSSL_PARAM *p; 1876 const char *enc_name = NULL; 1877 int *enc = arg; 1878 size_t i; 1879 1880 *enc = -1; 1881 1882 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, 1883 OSSL_PKEY_PARAM_EC_ENCODING)) 1884 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name))) 1885 return 0; 1886 1887 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { 1888 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { 1889 *enc = ec_encodings[i].encoding; 1890 break; 1891 } 1892 } 1893 1894 return (*enc != -1); 1895} 1896 1897static int test_EC_keygen_with_enc(int idx) 1898{ 1899 EVP_PKEY *params = NULL, *key = NULL; 1900 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL; 1901 int enc; 1902 int ret = 0; 1903 1904 enc = ec_encodings[idx].encoding; 1905 1906 /* Create key parameters */ 1907 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL)) 1908 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) 1909 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0) 1910 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0) 1911 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)) 1912 || !TEST_ptr(params)) 1913 goto done; 1914 1915 /* Create key */ 1916 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL)) 1917 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 1918 || !TEST_true(EVP_PKEY_keygen(kctx, &key)) 1919 || !TEST_ptr(key)) 1920 goto done; 1921 1922 /* Check that the encoding got all the way into the key */ 1923 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL, 1924 ec_export_get_encoding_cb, &enc)) 1925 || !TEST_int_eq(enc, ec_encodings[idx].encoding)) 1926 goto done; 1927 1928 ret = 1; 1929 done: 1930 EVP_PKEY_free(key); 1931 EVP_PKEY_free(params); 1932 EVP_PKEY_CTX_free(kctx); 1933 EVP_PKEY_CTX_free(pctx); 1934 return ret; 1935} 1936#endif 1937 1938#if !defined(OPENSSL_NO_SM2) 1939 1940static int test_EVP_SM2_verify(void) 1941{ 1942 const char *pubkey = 1943 "-----BEGIN PUBLIC KEY-----\n" 1944 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" 1945 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" 1946 "-----END PUBLIC KEY-----\n"; 1947 1948 const char *msg = "message digest"; 1949 const char *id = "ALICE123@YAHOO.COM"; 1950 1951 const uint8_t signature[] = { 1952 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb, 1953 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06, 1954 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36, 1955 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d, 1956 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07, 1957 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24, 1958 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70 1959 }; 1960 1961 int rc = 0; 1962 BIO *bio = NULL; 1963 EVP_PKEY *pkey = NULL; 1964 EVP_MD_CTX *mctx = NULL; 1965 EVP_PKEY_CTX *pctx = NULL; 1966 EVP_MD *sm3 = NULL; 1967 1968 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 1969 if (!TEST_true(bio != NULL)) 1970 goto done; 1971 1972 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq); 1973 if (!TEST_true(pkey != NULL)) 1974 goto done; 1975 1976 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2"))) 1977 goto done; 1978 1979 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 1980 goto done; 1981 1982 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 1983 goto done; 1984 1985 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 1986 1987 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq))) 1988 goto done; 1989 1990 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey))) 1991 goto done; 1992 1993 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0)) 1994 goto done; 1995 1996 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 1997 goto done; 1998 1999 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0)) 2000 goto done; 2001 rc = 1; 2002 2003 done: 2004 BIO_free(bio); 2005 EVP_PKEY_free(pkey); 2006 EVP_PKEY_CTX_free(pctx); 2007 EVP_MD_CTX_free(mctx); 2008 EVP_MD_free(sm3); 2009 return rc; 2010} 2011 2012static int test_EVP_SM2(void) 2013{ 2014 int ret = 0; 2015 EVP_PKEY *pkey = NULL; 2016 EVP_PKEY *pkeyparams = NULL; 2017 EVP_PKEY_CTX *pctx = NULL; 2018 EVP_PKEY_CTX *kctx = NULL; 2019 EVP_PKEY_CTX *sctx = NULL; 2020 size_t sig_len = 0; 2021 unsigned char *sig = NULL; 2022 EVP_MD_CTX *md_ctx = NULL; 2023 EVP_MD_CTX *md_ctx_verify = NULL; 2024 EVP_PKEY_CTX *cctx = NULL; 2025 EVP_MD *check_md = NULL; 2026 2027 uint8_t ciphertext[128]; 2028 size_t ctext_len = sizeof(ciphertext); 2029 2030 uint8_t plaintext[8]; 2031 size_t ptext_len = sizeof(plaintext); 2032 2033 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 2034 2035 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 2036 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 2037 int i; 2038 char mdname[OSSL_MAX_NAME_SIZE]; 2039 2040 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, 2041 "SM2", testpropq))) 2042 goto done; 2043 2044 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 2045 goto done; 2046 2047 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0)) 2048 goto done; 2049 2050 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams))) 2051 goto done; 2052 2053 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2054 pkeyparams, testpropq))) 2055 goto done; 2056 2057 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)) 2058 goto done; 2059 2060 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 2061 goto done; 2062 2063 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2064 goto done; 2065 2066 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 2067 goto done; 2068 2069 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2070 goto done; 2071 2072 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 2073 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 2074 2075 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq))) 2076 goto done; 2077 2078 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))) 2079 goto done; 2080 2081 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2082 goto done; 2083 2084 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 2085 goto done; 2086 2087 /* Determine the size of the signature. */ 2088 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 2089 goto done; 2090 2091 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 2092 goto done; 2093 2094 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 2095 goto done; 2096 2097 /* Ensure that the signature round-trips. */ 2098 2099 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2100 pkey))) 2101 goto done; 2102 2103 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2104 goto done; 2105 2106 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2107 goto done; 2108 2109 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2110 goto done; 2111 2112 /* 2113 * Try verify again with non-matching 0 length id but ensure that it can 2114 * be set on the context and overrides the previous value. 2115 */ 2116 2117 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2118 pkey))) 2119 goto done; 2120 2121 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) 2122 goto done; 2123 2124 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2125 goto done; 2126 2127 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2128 goto done; 2129 2130 /* now check encryption/decryption */ 2131 2132 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2133 mdname, sizeof(mdname)); 2134 for (i = 0; i < 2; i++) { 2135 const char *mdnames[] = { 2136#ifndef OPENSSL_NO_SM3 2137 "SM3", 2138#else 2139 NULL, 2140#endif 2141 "SHA2-256" }; 2142 EVP_PKEY_CTX_free(cctx); 2143 2144 if (mdnames[i] == NULL) 2145 continue; 2146 2147 sparams[0] = 2148 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2149 (char *)mdnames[i], 0); 2150 2151 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2152 pkey, testpropq))) 2153 goto done; 2154 2155 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 2156 goto done; 2157 2158 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2159 goto done; 2160 2161 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, 2162 sizeof(kMsg)))) 2163 goto done; 2164 2165 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0)) 2166 goto done; 2167 2168 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2169 goto done; 2170 2171 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, 2172 ctext_len), 0)) 2173 goto done; 2174 2175 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams))) 2176 goto done; 2177 2178 /* 2179 * Test we're still using the digest we think we are. 2180 * Because of aliases, the easiest is to fetch the digest and 2181 * check the name with EVP_MD_is_a(). 2182 */ 2183 EVP_MD_free(check_md); 2184 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq))) 2185 goto done; 2186 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) { 2187 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]); 2188 goto done; 2189 } 2190 2191 if (!TEST_true(ptext_len == sizeof(kMsg))) 2192 goto done; 2193 2194 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 2195 goto done; 2196 } 2197 2198 ret = 1; 2199done: 2200 EVP_PKEY_CTX_free(pctx); 2201 EVP_PKEY_CTX_free(kctx); 2202 EVP_PKEY_CTX_free(sctx); 2203 EVP_PKEY_CTX_free(cctx); 2204 EVP_PKEY_free(pkey); 2205 EVP_PKEY_free(pkeyparams); 2206 EVP_MD_CTX_free(md_ctx); 2207 EVP_MD_CTX_free(md_ctx_verify); 2208 EVP_MD_free(check_md); 2209 OPENSSL_free(sig); 2210 return ret; 2211} 2212 2213#endif 2214 2215static struct keys_st { 2216 int type; 2217 char *priv; 2218 char *pub; 2219} keys[] = { 2220 { 2221 EVP_PKEY_HMAC, "0123456789", NULL 2222 }, 2223 { 2224 EVP_PKEY_HMAC, "", NULL 2225#ifndef OPENSSL_NO_POLY1305 2226 }, { 2227 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL 2228#endif 2229#ifndef OPENSSL_NO_SIPHASH 2230 }, { 2231 EVP_PKEY_SIPHASH, "0123456789012345", NULL 2232#endif 2233 }, 2234#ifndef OPENSSL_NO_EC 2235 { 2236 EVP_PKEY_X25519, "01234567890123456789012345678901", 2237 "abcdefghijklmnopqrstuvwxyzabcdef" 2238 }, { 2239 EVP_PKEY_ED25519, "01234567890123456789012345678901", 2240 "abcdefghijklmnopqrstuvwxyzabcdef" 2241 }, { 2242 EVP_PKEY_X448, 2243 "01234567890123456789012345678901234567890123456789012345", 2244 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" 2245 }, { 2246 EVP_PKEY_ED448, 2247 "012345678901234567890123456789012345678901234567890123456", 2248 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" 2249 } 2250#endif 2251}; 2252 2253static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx) 2254{ 2255 int ret = 0; 2256 unsigned char buf[80]; 2257 unsigned char *in; 2258 size_t inlen, len = 0, shortlen = 1; 2259 EVP_PKEY *pkey; 2260 2261 /* Check if this algorithm supports public keys */ 2262 if (pub && keys[tst].pub == NULL) 2263 return 1; 2264 2265 memset(buf, 0, sizeof(buf)); 2266 2267 if (pub) { 2268#ifndef OPENSSL_NO_EC 2269 inlen = strlen(keys[tst].pub); 2270 in = (unsigned char *)keys[tst].pub; 2271 if (uselibctx) { 2272 pkey = EVP_PKEY_new_raw_public_key_ex( 2273 testctx, 2274 OBJ_nid2sn(keys[tst].type), 2275 NULL, 2276 in, 2277 inlen); 2278 } else { 2279 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 2280 NULL, 2281 in, 2282 inlen); 2283 } 2284#else 2285 return 1; 2286#endif 2287 } else { 2288 inlen = strlen(keys[tst].priv); 2289 in = (unsigned char *)keys[tst].priv; 2290 if (uselibctx) { 2291 pkey = EVP_PKEY_new_raw_private_key_ex( 2292 testctx, OBJ_nid2sn(keys[tst].type), 2293 NULL, 2294 in, 2295 inlen); 2296 } else { 2297 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 2298 NULL, 2299 in, 2300 inlen); 2301 } 2302 } 2303 2304 if (!TEST_ptr(pkey) 2305 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) 2306 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 2307 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 2308 || !TEST_true(len == inlen)) 2309 goto done; 2310 if (tst != 1) { 2311 /* 2312 * Test that supplying a buffer that is too small fails. Doesn't apply 2313 * to HMAC with a zero length key 2314 */ 2315 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf, 2316 &shortlen))) 2317 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf, 2318 &shortlen)))) 2319 goto done; 2320 } 2321 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 2322 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 2323 || !TEST_mem_eq(in, inlen, buf, len)) 2324 goto done; 2325 2326 ret = 1; 2327 done: 2328 EVP_PKEY_free(pkey); 2329 return ret; 2330} 2331 2332static int test_set_get_raw_keys(int tst) 2333{ 2334 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0)) 2335 && test_set_get_raw_keys_int(tst, 0, 1) 2336 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) 2337 && test_set_get_raw_keys_int(tst, 1, 1); 2338} 2339 2340#ifndef OPENSSL_NO_DEPRECATED_3_0 2341static int pkey_custom_check(EVP_PKEY *pkey) 2342{ 2343 return 0xbeef; 2344} 2345 2346static int pkey_custom_pub_check(EVP_PKEY *pkey) 2347{ 2348 return 0xbeef; 2349} 2350 2351static int pkey_custom_param_check(EVP_PKEY *pkey) 2352{ 2353 return 0xbeef; 2354} 2355 2356static EVP_PKEY_METHOD *custom_pmeth; 2357#endif 2358 2359static int test_EVP_PKEY_check(int i) 2360{ 2361 int ret = 0; 2362 EVP_PKEY *pkey = NULL; 2363 EVP_PKEY_CTX *ctx = NULL; 2364#ifndef OPENSSL_NO_DEPRECATED_3_0 2365 EVP_PKEY_CTX *ctx2 = NULL; 2366#endif 2367 const APK_DATA *ak = &keycheckdata[i]; 2368 const unsigned char *input = ak->kder; 2369 size_t input_len = ak->size; 2370 int expected_id = ak->evptype; 2371 int expected_check = ak->check; 2372 int expected_pub_check = ak->pub_check; 2373 int expected_param_check = ak->param_check; 2374 int type = ak->type; 2375 2376 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len))) 2377 goto done; 2378 if (type == 0 2379 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 2380 goto done; 2381 2382 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2383 goto done; 2384 2385 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 2386 goto done; 2387 2388 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 2389 goto done; 2390 2391 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 2392 goto done; 2393 2394#ifndef OPENSSL_NO_DEPRECATED_3_0 2395 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 2396 /* assign the pkey directly, as an internal test */ 2397 EVP_PKEY_up_ref(pkey); 2398 ctx2->pkey = pkey; 2399 2400 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 2401 goto done; 2402 2403 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 2404 goto done; 2405 2406 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 2407 goto done; 2408#endif 2409 2410 ret = 1; 2411 2412 done: 2413 EVP_PKEY_CTX_free(ctx); 2414#ifndef OPENSSL_NO_DEPRECATED_3_0 2415 EVP_PKEY_CTX_free(ctx2); 2416#endif 2417 EVP_PKEY_free(pkey); 2418 return ret; 2419} 2420 2421#ifndef OPENSSL_NO_CMAC 2422static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac) 2423{ 2424 EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); 2425 const char msg[] = "Hello World"; 2426 size_t maclen = AES_BLOCK_SIZE; 2427 int ret = 1; 2428 2429 if (!TEST_ptr(mdctx) 2430 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, 2431 testpropq, pkey, NULL)) 2432 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) 2433 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) 2434 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) 2435 ret = 0; 2436 2437 EVP_MD_CTX_free(mdctx); 2438 2439 return ret; 2440} 2441static int test_CMAC_keygen(void) 2442{ 2443 static unsigned char key[] = { 2444 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 2445 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 2446 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 2447 }; 2448 EVP_PKEY_CTX *kctx = NULL; 2449 int ret = 0; 2450 EVP_PKEY *pkey = NULL; 2451 unsigned char mac[AES_BLOCK_SIZE]; 2452# if !defined(OPENSSL_NO_DEPRECATED_3_0) 2453 unsigned char mac2[AES_BLOCK_SIZE]; 2454# endif 2455 2456 if (nullprov != NULL) 2457 return TEST_skip("Test does not support a non-default library context"); 2458 2459 /* 2460 * This is a legacy method for CMACs, but should still work. 2461 * This verifies that it works without an ENGINE. 2462 */ 2463 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL); 2464 2465 /* Test a CMAC key created using the "generated" method */ 2466 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 2467 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 2468 EVP_PKEY_CTRL_CIPHER, 2469 0, (void *)EVP_aes_256_ecb()), 0) 2470 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 2471 EVP_PKEY_CTRL_SET_MAC_KEY, 2472 sizeof(key), (void *)key), 0) 2473 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) 2474 || !TEST_ptr(pkey) 2475 || !TEST_true(get_cmac_val(pkey, mac))) 2476 goto done; 2477 2478# if !defined(OPENSSL_NO_DEPRECATED_3_0) 2479 EVP_PKEY_free(pkey); 2480 2481 /* 2482 * Test a CMAC key using the direct method, and compare with the mac 2483 * created above. 2484 */ 2485 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb()); 2486 if (!TEST_ptr(pkey) 2487 || !TEST_true(get_cmac_val(pkey, mac2)) 2488 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) 2489 goto done; 2490# endif 2491 2492 ret = 1; 2493 2494 done: 2495 EVP_PKEY_free(pkey); 2496 EVP_PKEY_CTX_free(kctx); 2497 return ret; 2498} 2499#endif 2500 2501static int test_HKDF(void) 2502{ 2503 EVP_PKEY_CTX *pctx; 2504 unsigned char out[20]; 2505 size_t outlen; 2506 int i, ret = 0; 2507 unsigned char salt[] = "0123456789"; 2508 unsigned char key[] = "012345678901234567890123456789"; 2509 unsigned char info[] = "infostring"; 2510 const unsigned char expected[] = { 2511 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 2512 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 2513 }; 2514 size_t expectedlen = sizeof(expected); 2515 2516 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 2517 goto done; 2518 2519 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 2520 for (i = 0; i < 2; i++) { 2521 outlen = sizeof(out); 2522 memset(out, 0, outlen); 2523 2524 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 2525 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 2526 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 2527 sizeof(salt) - 1), 0) 2528 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 2529 sizeof(key) - 1), 0) 2530 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 2531 sizeof(info) - 1), 0) 2532 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 2533 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 2534 goto done; 2535 } 2536 2537 ret = 1; 2538 2539 done: 2540 EVP_PKEY_CTX_free(pctx); 2541 2542 return ret; 2543} 2544 2545static int test_emptyikm_HKDF(void) 2546{ 2547 EVP_PKEY_CTX *pctx; 2548 unsigned char out[20]; 2549 size_t outlen; 2550 int ret = 0; 2551 unsigned char salt[] = "9876543210"; 2552 unsigned char key[] = ""; 2553 unsigned char info[] = "stringinfo"; 2554 const unsigned char expected[] = { 2555 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, 2556 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 2557 }; 2558 size_t expectedlen = sizeof(expected); 2559 2560 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 2561 goto done; 2562 2563 outlen = sizeof(out); 2564 memset(out, 0, outlen); 2565 2566 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 2567 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 2568 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 2569 sizeof(salt) - 1), 0) 2570 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 2571 sizeof(key) - 1), 0) 2572 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 2573 sizeof(info) - 1), 0) 2574 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 2575 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 2576 goto done; 2577 2578 ret = 1; 2579 2580 done: 2581 EVP_PKEY_CTX_free(pctx); 2582 2583 return ret; 2584} 2585 2586#ifndef OPENSSL_NO_EC 2587static int test_X509_PUBKEY_inplace(void) 2588{ 2589 int ret = 0; 2590 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq); 2591 const unsigned char *p = kExampleECPubKeyDER; 2592 size_t input_len = sizeof(kExampleECPubKeyDER); 2593 2594 if (!TEST_ptr(xp)) 2595 goto done; 2596 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))) 2597 goto done; 2598 2599 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 2600 goto done; 2601 2602 p = kExampleBadECPubKeyDER; 2603 input_len = sizeof(kExampleBadECPubKeyDER); 2604 2605 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 2606 goto done; 2607 2608 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 2609 goto done; 2610 2611 ret = 1; 2612 2613 done: 2614 X509_PUBKEY_free(xp); 2615 return ret; 2616} 2617 2618static int test_X509_PUBKEY_dup(void) 2619{ 2620 int ret = 0; 2621 X509_PUBKEY *xp = NULL, *xq = NULL; 2622 const unsigned char *p = kExampleECPubKeyDER; 2623 size_t input_len = sizeof(kExampleECPubKeyDER); 2624 2625 xp = X509_PUBKEY_new_ex(testctx, testpropq); 2626 if (!TEST_ptr(xp) 2627 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) 2628 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) 2629 || !TEST_ptr_ne(xp, xq)) 2630 goto done; 2631 2632 if (!TEST_ptr(X509_PUBKEY_get0(xq)) 2633 || !TEST_ptr(X509_PUBKEY_get0(xp)) 2634 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) 2635 goto done; 2636 2637 X509_PUBKEY_free(xq); 2638 xq = NULL; 2639 p = kExampleBadECPubKeyDER; 2640 input_len = sizeof(kExampleBadECPubKeyDER); 2641 2642 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)) 2643 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) 2644 goto done; 2645 2646 X509_PUBKEY_free(xp); 2647 xp = NULL; 2648 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL)) 2649 goto done; 2650 2651 ret = 1; 2652 2653 done: 2654 X509_PUBKEY_free(xp); 2655 X509_PUBKEY_free(xq); 2656 return ret; 2657} 2658#endif /* OPENSSL_NO_EC */ 2659 2660/* Test getting and setting parameters on an EVP_PKEY_CTX */ 2661static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey) 2662{ 2663 EVP_MD_CTX *mdctx = NULL; 2664 EVP_PKEY_CTX *ctx = NULL; 2665 const OSSL_PARAM *params; 2666 OSSL_PARAM ourparams[2], *param = ourparams, *param_md; 2667 int ret = 0; 2668 const EVP_MD *md; 2669 char mdname[OSSL_MAX_NAME_SIZE]; 2670 char ssl3ms[48]; 2671 2672 /* Initialise a sign operation */ 2673 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq); 2674 if (!TEST_ptr(ctx) 2675 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) 2676 goto err; 2677 2678 /* 2679 * We should be able to query the parameters now. 2680 */ 2681 params = EVP_PKEY_CTX_settable_params(ctx); 2682 if (!TEST_ptr(params) 2683 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2684 OSSL_SIGNATURE_PARAM_DIGEST))) 2685 goto err; 2686 2687 params = EVP_PKEY_CTX_gettable_params(ctx); 2688 if (!TEST_ptr(params) 2689 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2690 OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) 2691 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2692 OSSL_SIGNATURE_PARAM_DIGEST))) 2693 goto err; 2694 2695 /* 2696 * Test getting and setting params via EVP_PKEY_CTX_set_params() and 2697 * EVP_PKEY_CTX_get_params() 2698 */ 2699 strcpy(mdname, "SHA512"); 2700 param_md = param; 2701 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 2702 mdname, 0); 2703 *param++ = OSSL_PARAM_construct_end(); 2704 2705 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) 2706 goto err; 2707 2708 mdname[0] = '\0'; 2709 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 2710 mdname, sizeof(mdname)); 2711 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) 2712 || !TEST_str_eq(mdname, "SHA512")) 2713 goto err; 2714 2715 /* 2716 * Test the TEST_PKEY_CTX_set_signature_md() and 2717 * TEST_PKEY_CTX_get_signature_md() functions 2718 */ 2719 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) 2720 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) 2721 || !TEST_ptr_eq(md, EVP_sha256())) 2722 goto err; 2723 2724 /* 2725 * Test getting MD parameters via an associated EVP_PKEY_CTX 2726 */ 2727 mdctx = EVP_MD_CTX_new(); 2728 if (!TEST_ptr(mdctx) 2729 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq, 2730 pkey, NULL))) 2731 goto err; 2732 2733 /* 2734 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be 2735 * able to obtain the digest's settable parameters from the provider. 2736 */ 2737 params = EVP_MD_CTX_settable_params(mdctx); 2738 if (!TEST_ptr(params) 2739 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) 2740 /* The final key should be NULL */ 2741 || !TEST_ptr_null(params[1].key)) 2742 goto err; 2743 2744 param = ourparams; 2745 memset(ssl3ms, 0, sizeof(ssl3ms)); 2746 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, 2747 ssl3ms, sizeof(ssl3ms)); 2748 *param++ = OSSL_PARAM_construct_end(); 2749 2750 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) 2751 goto err; 2752 2753 ret = 1; 2754 2755 err: 2756 EVP_MD_CTX_free(mdctx); 2757 EVP_PKEY_CTX_free(ctx); 2758 2759 return ret; 2760} 2761 2762#ifndef OPENSSL_NO_DSA 2763static int test_DSA_get_set_params(void) 2764{ 2765 OSSL_PARAM_BLD *bld = NULL; 2766 OSSL_PARAM *params = NULL; 2767 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 2768 EVP_PKEY_CTX *pctx = NULL; 2769 EVP_PKEY *pkey = NULL; 2770 int ret = 0; 2771 2772 /* 2773 * Setup the parameters for our DSA object. For our purposes they don't 2774 * have to actually be *valid* parameters. We just need to set something. 2775 */ 2776 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL)) 2777 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 2778 || !TEST_ptr(p = BN_new()) 2779 || !TEST_ptr(q = BN_new()) 2780 || !TEST_ptr(g = BN_new()) 2781 || !TEST_ptr(pub = BN_new()) 2782 || !TEST_ptr(priv = BN_new())) 2783 goto err; 2784 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 2785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 2786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 2787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 2788 pub)) 2789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 2790 priv))) 2791 goto err; 2792 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 2793 goto err; 2794 2795 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 2796 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 2797 params), 0)) 2798 goto err; 2799 2800 if (!TEST_ptr(pkey)) 2801 goto err; 2802 2803 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 2804 2805 err: 2806 EVP_PKEY_free(pkey); 2807 EVP_PKEY_CTX_free(pctx); 2808 OSSL_PARAM_free(params); 2809 OSSL_PARAM_BLD_free(bld); 2810 BN_free(p); 2811 BN_free(q); 2812 BN_free(g); 2813 BN_free(pub); 2814 BN_free(priv); 2815 2816 return ret; 2817} 2818 2819/* 2820 * Test combinations of private, public, missing and private + public key 2821 * params to ensure they are all accepted 2822 */ 2823static int test_DSA_priv_pub(void) 2824{ 2825 return test_EVP_PKEY_ffc_priv_pub("DSA"); 2826} 2827 2828#endif /* !OPENSSL_NO_DSA */ 2829 2830static int test_RSA_get_set_params(void) 2831{ 2832 OSSL_PARAM_BLD *bld = NULL; 2833 OSSL_PARAM *params = NULL; 2834 BIGNUM *n = NULL, *e = NULL, *d = NULL; 2835 EVP_PKEY_CTX *pctx = NULL; 2836 EVP_PKEY *pkey = NULL; 2837 int ret = 0; 2838 2839 /* 2840 * Setup the parameters for our RSA object. For our purposes they don't 2841 * have to actually be *valid* parameters. We just need to set something. 2842 */ 2843 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL)) 2844 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 2845 || !TEST_ptr(n = BN_new()) 2846 || !TEST_ptr(e = BN_new()) 2847 || !TEST_ptr(d = BN_new())) 2848 goto err; 2849 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) 2850 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) 2851 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))) 2852 goto err; 2853 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 2854 goto err; 2855 2856 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 2857 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 2858 params), 0)) 2859 goto err; 2860 2861 if (!TEST_ptr(pkey)) 2862 goto err; 2863 2864 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 2865 2866 err: 2867 EVP_PKEY_free(pkey); 2868 EVP_PKEY_CTX_free(pctx); 2869 OSSL_PARAM_free(params); 2870 OSSL_PARAM_BLD_free(bld); 2871 BN_free(n); 2872 BN_free(e); 2873 BN_free(d); 2874 2875 return ret; 2876} 2877 2878static int test_RSA_OAEP_set_get_params(void) 2879{ 2880 int ret = 0; 2881 EVP_PKEY *key = NULL; 2882 EVP_PKEY_CTX *key_ctx = NULL; 2883 2884 if (nullprov != NULL) 2885 return TEST_skip("Test does not support a non-default library context"); 2886 2887 if (!TEST_ptr(key = load_example_rsa_key()) 2888 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0))) 2889 goto err; 2890 2891 { 2892 int padding = RSA_PKCS1_OAEP_PADDING; 2893 OSSL_PARAM params[4]; 2894 2895 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); 2896 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 2897 OSSL_DIGEST_NAME_SHA2_256, 0); 2898 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 2899 OSSL_DIGEST_NAME_SHA1, 0); 2900 params[3] = OSSL_PARAM_construct_end(); 2901 2902 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0)) 2903 goto err; 2904 } 2905 { 2906 OSSL_PARAM params[3]; 2907 char oaepmd[30] = { '\0' }; 2908 char mgf1md[30] = { '\0' }; 2909 2910 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 2911 oaepmd, sizeof(oaepmd)); 2912 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 2913 mgf1md, sizeof(mgf1md)); 2914 params[2] = OSSL_PARAM_construct_end(); 2915 2916 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) 2917 goto err; 2918 2919 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256) 2920 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1)) 2921 goto err; 2922 } 2923 2924 ret = 1; 2925 2926 err: 2927 EVP_PKEY_free(key); 2928 EVP_PKEY_CTX_free(key_ctx); 2929 2930 return ret; 2931} 2932 2933/* https://github.com/openssl/openssl/issues/21288 */ 2934static int test_RSA_OAEP_set_null_label(void) 2935{ 2936 int ret = 0; 2937 EVP_PKEY *key = NULL; 2938 EVP_PKEY_CTX *key_ctx = NULL; 2939 2940 if (!TEST_ptr(key = load_example_rsa_key()) 2941 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL)) 2942 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx))) 2943 goto err; 2944 2945 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING))) 2946 goto err; 2947 2948 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0))) 2949 goto err; 2950 2951 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0))) 2952 goto err; 2953 2954 ret = 1; 2955 2956 err: 2957 EVP_PKEY_free(key); 2958 EVP_PKEY_CTX_free(key_ctx); 2959 2960 return ret; 2961} 2962 2963#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 2964static int test_decrypt_null_chunks(void) 2965{ 2966 EVP_CIPHER_CTX* ctx = NULL; 2967 EVP_CIPHER *cipher = NULL; 2968 const unsigned char key[32] = { 2969 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 2970 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 2971 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 2972 }; 2973 unsigned char iv[12] = { 2974 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 2975 }; 2976 unsigned char msg[] = "It was the best of times, it was the worst of times"; 2977 unsigned char ciphertext[80]; 2978 unsigned char plaintext[80]; 2979 /* We initialise tmp to a non zero value on purpose */ 2980 int ctlen, ptlen, tmp = 99; 2981 int ret = 0; 2982 const int enc_offset = 10, dec_offset = 20; 2983 2984 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) 2985 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 2986 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, 2987 key, iv)) 2988 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 2989 enc_offset)) 2990 /* Deliberate add a zero length update */ 2991 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 2992 0)) 2993 || !TEST_int_eq(tmp, 0) 2994 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 2995 msg + enc_offset, 2996 sizeof(msg) - enc_offset)) 2997 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 2998 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 2999 || !TEST_int_eq(tmp, 0)) 3000 goto err; 3001 3002 /* Deliberately initialise tmp to a non zero value */ 3003 tmp = 99; 3004 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) 3005 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 3006 dec_offset)) 3007 /* 3008 * Deliberately add a zero length update. We also deliberately do 3009 * this at a different offset than for encryption. 3010 */ 3011 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 3012 0)) 3013 || !TEST_int_eq(tmp, 0) 3014 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 3015 ciphertext + dec_offset, 3016 ctlen - dec_offset)) 3017 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 3018 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 3019 || !TEST_int_eq(tmp, 0) 3020 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 3021 goto err; 3022 3023 ret = 1; 3024 err: 3025 EVP_CIPHER_CTX_free(ctx); 3026 EVP_CIPHER_free(cipher); 3027 return ret; 3028} 3029#endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 3030 3031#ifndef OPENSSL_NO_DH 3032/* 3033 * Test combinations of private, public, missing and private + public key 3034 * params to ensure they are all accepted 3035 */ 3036static int test_DH_priv_pub(void) 3037{ 3038 return test_EVP_PKEY_ffc_priv_pub("DH"); 3039} 3040 3041# ifndef OPENSSL_NO_DEPRECATED_3_0 3042static int test_EVP_PKEY_set1_DH(void) 3043{ 3044 DH *x942dh = NULL, *noqdh = NULL; 3045 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; 3046 int ret = 0; 3047 BIGNUM *p, *g = NULL; 3048 BIGNUM *pubkey = NULL; 3049 unsigned char pub[2048 / 8]; 3050 size_t len = 0; 3051 3052 if (!TEST_ptr(p = BN_new()) 3053 || !TEST_ptr(g = BN_new()) 3054 || !TEST_ptr(pubkey = BN_new()) 3055 || !TEST_true(BN_set_word(p, 9999)) 3056 || !TEST_true(BN_set_word(g, 2)) 3057 || !TEST_true(BN_set_word(pubkey, 4321)) 3058 || !TEST_ptr(noqdh = DH_new()) 3059 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) 3060 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) 3061 || !TEST_ptr(pubkey = BN_new()) 3062 || !TEST_true(BN_set_word(pubkey, 4321))) 3063 goto err; 3064 p = g = NULL; 3065 3066 x942dh = DH_get_2048_256(); 3067 pkey1 = EVP_PKEY_new(); 3068 pkey2 = EVP_PKEY_new(); 3069 if (!TEST_ptr(x942dh) 3070 || !TEST_ptr(noqdh) 3071 || !TEST_ptr(pkey1) 3072 || !TEST_ptr(pkey2) 3073 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) 3074 goto err; 3075 pubkey = NULL; 3076 3077 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 3078 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) 3079 goto err; 3080 3081 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, 3082 &pubkey)) 3083 || !TEST_ptr(pubkey)) 3084 goto err; 3085 3086 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) 3087 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) 3088 goto err; 3089 3090 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, 3091 OSSL_PKEY_PARAM_PUB_KEY, 3092 pub, sizeof(pub), &len)) 3093 || !TEST_size_t_ne(len, 0)) 3094 goto err; 3095 3096 ret = 1; 3097 err: 3098 BN_free(p); 3099 BN_free(g); 3100 BN_free(pubkey); 3101 EVP_PKEY_free(pkey1); 3102 EVP_PKEY_free(pkey2); 3103 DH_free(x942dh); 3104 DH_free(noqdh); 3105 3106 return ret; 3107} 3108# endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 3109#endif /* !OPENSSL_NO_DH */ 3110 3111/* 3112 * We test what happens with an empty template. For the sake of this test, 3113 * the template must be ignored, and we know that's the case for RSA keys 3114 * (this might arguably be a misfeature, but that's what we currently do, 3115 * even in provider code, since that's how the legacy RSA implementation 3116 * does things) 3117 */ 3118static int test_keygen_with_empty_template(int n) 3119{ 3120 EVP_PKEY_CTX *ctx = NULL; 3121 EVP_PKEY *pkey = NULL; 3122 EVP_PKEY *tkey = NULL; 3123 int ret = 0; 3124 3125 if (nullprov != NULL) 3126 return TEST_skip("Test does not support a non-default library context"); 3127 3128 switch (n) { 3129 case 0: 3130 /* We do test with no template at all as well */ 3131 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) 3132 goto err; 3133 break; 3134 case 1: 3135 /* Here we create an empty RSA key that serves as our template */ 3136 if (!TEST_ptr(tkey = EVP_PKEY_new()) 3137 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA)) 3138 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL))) 3139 goto err; 3140 break; 3141 } 3142 3143 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3144 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) 3145 goto err; 3146 3147 ret = 1; 3148 err: 3149 EVP_PKEY_CTX_free(ctx); 3150 EVP_PKEY_free(pkey); 3151 EVP_PKEY_free(tkey); 3152 return ret; 3153} 3154 3155/* 3156 * Test that we fail if we attempt to use an algorithm that is not available 3157 * in the current library context (unless we are using an algorithm that 3158 * should be made available via legacy codepaths). 3159 * 3160 * 0: RSA 3161 * 1: SM2 3162 */ 3163static int test_pkey_ctx_fail_without_provider(int tst) 3164{ 3165 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new(); 3166 OSSL_PROVIDER *tmpnullprov = NULL; 3167 EVP_PKEY_CTX *pctx = NULL; 3168 const char *keytype = NULL; 3169 int expect_null = 0; 3170 int ret = 0; 3171 3172 if (!TEST_ptr(tmpctx)) 3173 goto err; 3174 3175 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null"); 3176 if (!TEST_ptr(tmpnullprov)) 3177 goto err; 3178 3179 /* 3180 * We check for certain algos in the null provider. 3181 * If an algo is expected to have a provider keymgmt, contructing an 3182 * EVP_PKEY_CTX is expected to fail (return NULL). 3183 * Otherwise, if it's expected to have legacy support, contructing an 3184 * EVP_PKEY_CTX is expected to succeed (return non-NULL). 3185 */ 3186 switch (tst) { 3187 case 0: 3188 keytype = "RSA"; 3189 expect_null = 1; 3190 break; 3191 case 1: 3192 keytype = "SM2"; 3193 expect_null = 1; 3194#ifdef OPENSSL_NO_EC 3195 TEST_info("EC disable, skipping SM2 check..."); 3196 goto end; 3197#endif 3198#ifdef OPENSSL_NO_SM2 3199 TEST_info("SM2 disable, skipping SM2 check..."); 3200 goto end; 3201#endif 3202 break; 3203 default: 3204 TEST_error("No test for case %d", tst); 3205 goto err; 3206 } 3207 3208 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); 3209 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx)) 3210 goto err; 3211 3212#if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) 3213 end: 3214#endif 3215 ret = 1; 3216 3217 err: 3218 EVP_PKEY_CTX_free(pctx); 3219 OSSL_PROVIDER_unload(tmpnullprov); 3220 OSSL_LIB_CTX_free(tmpctx); 3221 return ret; 3222} 3223 3224static int test_rand_agglomeration(void) 3225{ 3226 EVP_RAND *rand; 3227 EVP_RAND_CTX *ctx; 3228 OSSL_PARAM params[3], *p = params; 3229 int res; 3230 unsigned int step = 7; 3231 static unsigned char seed[] = "It does not matter how slowly you go " 3232 "as long as you do not stop."; 3233 unsigned char out[sizeof(seed)]; 3234 3235 if (!TEST_int_ne(sizeof(seed) % step, 0) 3236 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) 3237 return 0; 3238 ctx = EVP_RAND_CTX_new(rand, NULL); 3239 EVP_RAND_free(rand); 3240 if (!TEST_ptr(ctx)) 3241 return 0; 3242 3243 memset(out, 0, sizeof(out)); 3244 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 3245 seed, sizeof(seed)); 3246 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); 3247 *p = OSSL_PARAM_construct_end(); 3248 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) 3249 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) 3250 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); 3251 EVP_RAND_CTX_free(ctx); 3252 return res; 3253} 3254 3255/* 3256 * Test that we correctly return the original or "running" IV after 3257 * an encryption operation. 3258 * Run multiple times for some different relevant algorithms/modes. 3259 */ 3260static int test_evp_iv_aes(int idx) 3261{ 3262 int ret = 0; 3263 EVP_CIPHER_CTX *ctx = NULL; 3264 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, 3265 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57}; 3266 unsigned char init_iv[EVP_MAX_IV_LENGTH] = 3267 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 3268 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34}; 3269 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8, 3270 9, 10, 11, 12, 13, 14, 15, 16 }; 3271 unsigned char ciphertext[32], oiv[16], iv[16]; 3272 unsigned char *ref_iv; 3273 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, 3274 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e}; 3275 3276 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, 3277 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd}; 3278 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, 3279 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed}; 3280 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 3281 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81}; 3282 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98}; 3283#ifndef OPENSSL_NO_OCB 3284 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 3285 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81}; 3286#endif 3287 int len = sizeof(ciphertext); 3288 size_t ivlen, ref_len; 3289 const EVP_CIPHER *type = NULL; 3290 int iv_reset = 0; 3291 3292 if (nullprov != NULL && idx < 6) 3293 return TEST_skip("Test does not support a non-default library context"); 3294 3295 switch(idx) { 3296 case 0: 3297 type = EVP_aes_128_cbc(); 3298 /* FALLTHROUGH */ 3299 case 6: 3300 type = (type != NULL) ? type : 3301 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); 3302 ref_iv = cbc_state; 3303 ref_len = sizeof(cbc_state); 3304 iv_reset = 1; 3305 break; 3306 case 1: 3307 type = EVP_aes_128_ofb(); 3308 /* FALLTHROUGH */ 3309 case 7: 3310 type = (type != NULL) ? type : 3311 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); 3312 ref_iv = ofb_state; 3313 ref_len = sizeof(ofb_state); 3314 iv_reset = 1; 3315 break; 3316 case 2: 3317 type = EVP_aes_128_cfb(); 3318 /* FALLTHROUGH */ 3319 case 8: 3320 type = (type != NULL) ? type : 3321 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); 3322 ref_iv = cfb_state; 3323 ref_len = sizeof(cfb_state); 3324 iv_reset = 1; 3325 break; 3326 case 3: 3327 type = EVP_aes_128_gcm(); 3328 /* FALLTHROUGH */ 3329 case 9: 3330 type = (type != NULL) ? type : 3331 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); 3332 ref_iv = gcm_state; 3333 ref_len = sizeof(gcm_state); 3334 break; 3335 case 4: 3336 type = EVP_aes_128_ccm(); 3337 /* FALLTHROUGH */ 3338 case 10: 3339 type = (type != NULL) ? type : 3340 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); 3341 ref_iv = ccm_state; 3342 ref_len = sizeof(ccm_state); 3343 break; 3344#ifdef OPENSSL_NO_OCB 3345 case 5: 3346 case 11: 3347 return 1; 3348#else 3349 case 5: 3350 type = EVP_aes_128_ocb(); 3351 /* FALLTHROUGH */ 3352 case 11: 3353 type = (type != NULL) ? type : 3354 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); 3355 ref_iv = ocb_state; 3356 ref_len = sizeof(ocb_state); 3357 break; 3358#endif 3359 default: 3360 return 0; 3361 } 3362 3363 if (!TEST_ptr(type) 3364 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 3365 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 3366 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 3367 (int)sizeof(msg))) 3368 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 3369 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 3370 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 3371 goto err; 3372 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 3373 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 3374 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 3375 goto err; 3376 3377 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */ 3378 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 3379 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 3380 goto err; 3381 if (iv_reset) { 3382 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 3383 goto err; 3384 } else { 3385 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen)) 3386 goto err; 3387 } 3388 3389 ret = 1; 3390err: 3391 EVP_CIPHER_CTX_free(ctx); 3392 if (idx >= 6) 3393 EVP_CIPHER_free((EVP_CIPHER *)type); 3394 return ret; 3395} 3396 3397#ifndef OPENSSL_NO_DES 3398static int test_evp_iv_des(int idx) 3399{ 3400 int ret = 0; 3401 EVP_CIPHER_CTX *ctx = NULL; 3402 static const unsigned char key[24] = { 3403 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 3404 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86, 3405 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 3406 }; 3407 static const unsigned char init_iv[8] = { 3408 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 3409 }; 3410 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8, 3411 9, 10, 11, 12, 13, 14, 15, 16 }; 3412 unsigned char ciphertext[32], oiv[8], iv[8]; 3413 unsigned const char *ref_iv; 3414 static const unsigned char cbc_state_des[8] = { 3415 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a 3416 }; 3417 static const unsigned char cbc_state_3des[8] = { 3418 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9 3419 }; 3420 static const unsigned char ofb_state_des[8] = { 3421 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c 3422 }; 3423 static const unsigned char ofb_state_3des[8] = { 3424 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e 3425 }; 3426 static const unsigned char cfb_state_des[8] = { 3427 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73 3428 }; 3429 static const unsigned char cfb_state_3des[8] = { 3430 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7 3431 }; 3432 int len = sizeof(ciphertext); 3433 size_t ivlen, ref_len; 3434 EVP_CIPHER *type = NULL; 3435 3436 if (lgcyprov == NULL && idx < 3) 3437 return TEST_skip("Test requires legacy provider to be loaded"); 3438 3439 switch(idx) { 3440 case 0: 3441 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq); 3442 ref_iv = cbc_state_des; 3443 ref_len = sizeof(cbc_state_des); 3444 break; 3445 case 1: 3446 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq); 3447 ref_iv = ofb_state_des; 3448 ref_len = sizeof(ofb_state_des); 3449 break; 3450 case 2: 3451 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq); 3452 ref_iv = cfb_state_des; 3453 ref_len = sizeof(cfb_state_des); 3454 break; 3455 case 3: 3456 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq); 3457 ref_iv = cbc_state_3des; 3458 ref_len = sizeof(cbc_state_3des); 3459 break; 3460 case 4: 3461 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq); 3462 ref_iv = ofb_state_3des; 3463 ref_len = sizeof(ofb_state_3des); 3464 break; 3465 case 5: 3466 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq); 3467 ref_iv = cfb_state_3des; 3468 ref_len = sizeof(cfb_state_3des); 3469 break; 3470 default: 3471 return 0; 3472 } 3473 3474 if (!TEST_ptr(type) 3475 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 3476 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 3477 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 3478 (int)sizeof(msg))) 3479 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 3480 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 3481 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 3482 goto err; 3483 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 3484 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 3485 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 3486 goto err; 3487 3488 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 3489 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 3490 goto err; 3491 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 3492 goto err; 3493 3494 ret = 1; 3495err: 3496 EVP_CIPHER_CTX_free(ctx); 3497 EVP_CIPHER_free(type); 3498 return ret; 3499} 3500#endif 3501 3502#ifndef OPENSSL_NO_BF 3503static int test_evp_bf_default_keylen(int idx) 3504{ 3505 int ret = 0; 3506 static const char *algos[4] = { 3507 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb" 3508 }; 3509 int ivlen[4] = { 0, 8, 8, 8 }; 3510 EVP_CIPHER *cipher = NULL; 3511 3512 if (lgcyprov == NULL) 3513 return TEST_skip("Test requires legacy provider to be loaded"); 3514 3515 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq)) 3516 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) 3517 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) 3518 goto err; 3519 3520 ret = 1; 3521err: 3522 EVP_CIPHER_free(cipher); 3523 return ret; 3524} 3525#endif 3526 3527#ifndef OPENSSL_NO_EC 3528static int ecpub_nids[] = { 3529 NID_brainpoolP256r1, NID_X9_62_prime256v1, 3530 NID_secp384r1, NID_secp521r1, 3531# ifndef OPENSSL_NO_EC2M 3532 NID_sect233k1, NID_sect233r1, NID_sect283r1, 3533 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, 3534# endif 3535 NID_brainpoolP384r1, NID_brainpoolP512r1 3536}; 3537 3538static int test_ecpub(int idx) 3539{ 3540 int ret = 0, len, savelen; 3541 int nid; 3542 unsigned char buf[1024]; 3543 unsigned char *p; 3544 EVP_PKEY *pkey = NULL; 3545 EVP_PKEY_CTX *ctx = NULL; 3546# ifndef OPENSSL_NO_DEPRECATED_3_0 3547 const unsigned char *q; 3548 EVP_PKEY *pkey2 = NULL; 3549 EC_KEY *ec = NULL; 3550# endif 3551 3552 if (nullprov != NULL) 3553 return TEST_skip("Test does not support a non-default library context"); 3554 3555 nid = ecpub_nids[idx]; 3556 3557 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 3558 if (!TEST_ptr(ctx) 3559 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3560 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0) 3561 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey))) 3562 goto done; 3563 len = i2d_PublicKey(pkey, NULL); 3564 savelen = len; 3565 if (!TEST_int_ge(len, 1) 3566 || !TEST_int_lt(len, 1024)) 3567 goto done; 3568 p = buf; 3569 len = i2d_PublicKey(pkey, &p); 3570 if (!TEST_int_ge(len, 1) 3571 || !TEST_int_eq(len, savelen)) 3572 goto done; 3573 3574# ifndef OPENSSL_NO_DEPRECATED_3_0 3575 /* Now try to decode the just-created DER. */ 3576 q = buf; 3577 if (!TEST_ptr((pkey2 = EVP_PKEY_new())) 3578 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) 3579 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) 3580 goto done; 3581 /* EC_KEY ownership transferred */ 3582 ec = NULL; 3583 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen))) 3584 goto done; 3585 /* The keys should match. */ 3586 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) 3587 goto done; 3588# endif 3589 3590 ret = 1; 3591 3592 done: 3593 EVP_PKEY_CTX_free(ctx); 3594 EVP_PKEY_free(pkey); 3595# ifndef OPENSSL_NO_DEPRECATED_3_0 3596 EVP_PKEY_free(pkey2); 3597 EC_KEY_free(ec); 3598# endif 3599 return ret; 3600} 3601#endif 3602 3603static int test_EVP_rsa_pss_with_keygen_bits(void) 3604{ 3605 int ret = 0; 3606 EVP_PKEY_CTX *ctx = NULL; 3607 EVP_PKEY *pkey = NULL; 3608 EVP_MD *md; 3609 3610 md = EVP_MD_fetch(testctx, "sha256", testpropq); 3611 ret = TEST_ptr(md) 3612 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq))) 3613 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3614 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0) 3615 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0) 3616 && TEST_true(EVP_PKEY_keygen(ctx, &pkey)); 3617 3618 EVP_MD_free(md); 3619 EVP_PKEY_free(pkey); 3620 EVP_PKEY_CTX_free(ctx); 3621 return ret; 3622} 3623 3624static int test_EVP_rsa_pss_set_saltlen(void) 3625{ 3626 int ret = 0; 3627 EVP_PKEY *pkey = NULL; 3628 EVP_PKEY_CTX *pkey_ctx = NULL; 3629 EVP_MD *sha256 = NULL; 3630 EVP_MD_CTX *sha256_ctx = NULL; 3631 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */ 3632 const int test_value = 32; 3633 3634 ret = TEST_ptr(pkey = load_example_rsa_key()) 3635 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL)) 3636 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new()) 3637 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey)) 3638 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)) 3639 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0) 3640 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0) 3641 && TEST_int_eq(saltlen, test_value); 3642 3643 EVP_MD_CTX_free(sha256_ctx); 3644 EVP_PKEY_free(pkey); 3645 EVP_MD_free(sha256); 3646 3647 return ret; 3648} 3649 3650static int success = 1; 3651static void md_names(const char *name, void *vctx) 3652{ 3653 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx; 3654 /* Force a namemap update */ 3655 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL); 3656 3657 if (!TEST_ptr(aes128)) 3658 success = 0; 3659 3660 EVP_CIPHER_free(aes128); 3661} 3662 3663/* 3664 * Test that changing the namemap in a user callback works in a names_do_all 3665 * function. 3666 */ 3667static int test_names_do_all(void) 3668{ 3669 /* We use a custom libctx so that we know the state of the namemap */ 3670 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); 3671 EVP_MD *sha256 = NULL; 3672 int testresult = 0; 3673 3674 if (!TEST_ptr(ctx)) 3675 goto err; 3676 3677 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); 3678 if (!TEST_ptr(sha256)) 3679 goto err; 3680 3681 /* 3682 * We loop through all the names for a given digest. This should still work 3683 * even if the namemap changes part way through. 3684 */ 3685 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx))) 3686 goto err; 3687 3688 if (!TEST_true(success)) 3689 goto err; 3690 3691 testresult = 1; 3692 err: 3693 EVP_MD_free(sha256); 3694 OSSL_LIB_CTX_free(ctx); 3695 return testresult; 3696} 3697 3698typedef struct { 3699 const char *cipher; 3700 const unsigned char *key; 3701 const unsigned char *iv; 3702 const unsigned char *input; 3703 const unsigned char *expected; 3704 const unsigned char *tag; 3705 size_t ivlen; /* 0 if we do not need to set a specific IV len */ 3706 size_t inlen; 3707 size_t expectedlen; 3708 size_t taglen; 3709 int keyfirst; 3710 int initenc; 3711 int finalenc; 3712} EVP_INIT_TEST_st; 3713 3714static const EVP_INIT_TEST_st evp_init_tests[] = { 3715 { 3716 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 3717 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 3718 0, 1, 0, 1 3719 }, 3720 { 3721 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 3722 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3723 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 3724 sizeof(gcmDefaultTag), 1, 0, 1 3725 }, 3726 { 3727 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 3728 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 3729 0, 0, 0, 1 3730 }, 3731 { 3732 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 3733 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3734 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 3735 sizeof(gcmDefaultTag), 0, 0, 1 3736 }, 3737 { 3738 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 3739 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 3740 0, 1, 1, 0 3741 }, 3742 { 3743 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 3744 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3745 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 3746 sizeof(gcmDefaultTag), 1, 1, 0 3747 }, 3748 { 3749 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 3750 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 3751 0, 0, 1, 0 3752 }, 3753 { 3754 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 3755 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3756 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 3757 sizeof(gcmDefaultTag), 0, 1, 0 3758 } 3759}; 3760 3761/* use same key, iv and plaintext for cfb and ofb */ 3762static const EVP_INIT_TEST_st evp_reinit_tests[] = { 3763 { 3764 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 3765 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 3766 sizeof(cfbCiphertext_partial), 0, 0, 1, 0 3767 }, 3768 { 3769 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, 3770 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), 3771 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 3772 }, 3773 { 3774 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 3775 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 3776 sizeof(ofbCiphertext_partial), 0, 0, 1, 0 3777 }, 3778 { 3779 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, 3780 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), 3781 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 3782 }, 3783}; 3784 3785static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) 3786{ 3787 int res = 0; 3788 3789 if (t->ivlen != 0) { 3790 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) 3791 goto err; 3792 } 3793 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) 3794 goto err; 3795 res = 1; 3796 err: 3797 return res; 3798} 3799 3800/* 3801 * Test step-wise cipher initialization via EVP_CipherInit_ex where the 3802 * arguments are given one at a time and a final adjustment to the enc 3803 * parameter sets the correct operation. 3804 */ 3805static int test_evp_init_seq(int idx) 3806{ 3807 int outlen1, outlen2; 3808 int testresult = 0; 3809 unsigned char outbuf[1024]; 3810 unsigned char tag[16]; 3811 const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; 3812 EVP_CIPHER_CTX *ctx = NULL; 3813 EVP_CIPHER *type = NULL; 3814 size_t taglen = sizeof(tag); 3815 char *errmsg = NULL; 3816 3817 ctx = EVP_CIPHER_CTX_new(); 3818 if (ctx == NULL) { 3819 errmsg = "CTX_ALLOC"; 3820 goto err; 3821 } 3822 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) { 3823 errmsg = "CIPHER_FETCH"; 3824 goto err; 3825 } 3826 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { 3827 errmsg = "EMPTY_ENC_INIT"; 3828 goto err; 3829 } 3830 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 3831 errmsg = "PADDING"; 3832 goto err; 3833 } 3834 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 3835 errmsg = "KEY_INIT (before iv)"; 3836 goto err; 3837 } 3838 if (!evp_init_seq_set_iv(ctx, t)) { 3839 errmsg = "IV_INIT"; 3840 goto err; 3841 } 3842 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 3843 errmsg = "KEY_INIT (after iv)"; 3844 goto err; 3845 } 3846 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { 3847 errmsg = "FINAL_ENC_INIT"; 3848 goto err; 3849 } 3850 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 3851 errmsg = "CIPHER_UPDATE"; 3852 goto err; 3853 } 3854 if (t->finalenc == 0 && t->tag != NULL) { 3855 /* Set expected tag */ 3856 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 3857 t->taglen, (void *)t->tag), 0)) { 3858 errmsg = "SET_TAG"; 3859 goto err; 3860 } 3861 } 3862 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3863 errmsg = "CIPHER_FINAL"; 3864 goto err; 3865 } 3866 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 3867 errmsg = "WRONG_RESULT"; 3868 goto err; 3869 } 3870 if (t->finalenc != 0 && t->tag != NULL) { 3871 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 3872 errmsg = "GET_TAG"; 3873 goto err; 3874 } 3875 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { 3876 errmsg = "TAG_ERROR"; 3877 goto err; 3878 } 3879 } 3880 testresult = 1; 3881 err: 3882 if (errmsg != NULL) 3883 TEST_info("evp_init_test %d: %s", idx, errmsg); 3884 EVP_CIPHER_CTX_free(ctx); 3885 EVP_CIPHER_free(type); 3886 return testresult; 3887} 3888 3889/* 3890 * Test re-initialization of cipher context without changing key or iv. 3891 * The result of both iteration should be the same. 3892 */ 3893static int test_evp_reinit_seq(int idx) 3894{ 3895 int outlen1, outlen2, outlen_final; 3896 int testresult = 0; 3897 unsigned char outbuf1[1024]; 3898 unsigned char outbuf2[1024]; 3899 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx]; 3900 EVP_CIPHER_CTX *ctx = NULL; 3901 EVP_CIPHER *type = NULL; 3902 3903 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 3904 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) 3905 /* setup cipher context */ 3906 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) 3907 /* first iteration */ 3908 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) 3909 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) 3910 /* check test results iteration 1 */ 3911 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) 3912 /* now re-init the context (same cipher, key and iv) */ 3913 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) 3914 /* second iteration */ 3915 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) 3916 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) 3917 /* check test results iteration 2 */ 3918 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) 3919 goto err; 3920 testresult = 1; 3921 err: 3922 EVP_CIPHER_CTX_free(ctx); 3923 EVP_CIPHER_free(type); 3924 return testresult; 3925} 3926 3927typedef struct { 3928 const unsigned char *input; 3929 const unsigned char *expected; 3930 size_t inlen; 3931 size_t expectedlen; 3932 int enc; 3933} EVP_RESET_TEST_st; 3934 3935static const EVP_RESET_TEST_st evp_reset_tests[] = { 3936 { 3937 cfbPlaintext, cfbCiphertext, 3938 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 3939 }, 3940 { 3941 cfbCiphertext, cfbPlaintext, 3942 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 3943 } 3944}; 3945 3946/* 3947 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already 3948 * been used. 3949 */ 3950static int test_evp_reset(int idx) 3951{ 3952 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; 3953 int outlen1, outlen2; 3954 int testresult = 0; 3955 unsigned char outbuf[1024]; 3956 EVP_CIPHER_CTX *ctx = NULL; 3957 EVP_CIPHER *type = NULL; 3958 char *errmsg = NULL; 3959 3960 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 3961 errmsg = "CTX_ALLOC"; 3962 goto err; 3963 } 3964 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) { 3965 errmsg = "CIPHER_FETCH"; 3966 goto err; 3967 } 3968 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 3969 errmsg = "CIPHER_INIT"; 3970 goto err; 3971 } 3972 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 3973 errmsg = "PADDING"; 3974 goto err; 3975 } 3976 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 3977 errmsg = "CIPHER_UPDATE"; 3978 goto err; 3979 } 3980 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3981 errmsg = "CIPHER_FINAL"; 3982 goto err; 3983 } 3984 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 3985 errmsg = "WRONG_RESULT"; 3986 goto err; 3987 } 3988 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { 3989 errmsg = "CIPHER_REINIT"; 3990 goto err; 3991 } 3992 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 3993 errmsg = "CIPHER_UPDATE (reinit)"; 3994 goto err; 3995 } 3996 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3997 errmsg = "CIPHER_FINAL (reinit)"; 3998 goto err; 3999 } 4000 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 4001 errmsg = "WRONG_RESULT (reinit)"; 4002 goto err; 4003 } 4004 testresult = 1; 4005 err: 4006 if (errmsg != NULL) 4007 TEST_info("test_evp_reset %d: %s", idx, errmsg); 4008 EVP_CIPHER_CTX_free(ctx); 4009 EVP_CIPHER_free(type); 4010 return testresult; 4011} 4012 4013typedef struct { 4014 const char *cipher; 4015 int enc; 4016} EVP_UPDATED_IV_TEST_st; 4017 4018static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 4019 { 4020 "aes-128-cfb", 1 4021 }, 4022 { 4023 "aes-128-cfb", 0 4024 }, 4025 { 4026 "aes-128-cfb1", 1 4027 }, 4028 { 4029 "aes-128-cfb1", 0 4030 }, 4031 { 4032 "aes-128-cfb8", 1 4033 }, 4034 { 4035 "aes-128-cfb8", 0 4036 }, 4037 { 4038 "aes-128-ofb", 1 4039 }, 4040 { 4041 "aes-128-ofb", 0 4042 }, 4043 { 4044 "aes-128-ctr", 1 4045 }, 4046 { 4047 "aes-128-ctr", 0 4048 }, 4049 { 4050 "aes-128-cbc", 1 4051 }, 4052 { 4053 "aes-128-cbc", 0 4054 } 4055}; 4056 4057/* 4058 * Test that the IV in the context is updated during a crypto operation for CFB 4059 * and OFB. 4060 */ 4061static int test_evp_updated_iv(int idx) 4062{ 4063 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; 4064 int outlen1, outlen2; 4065 int testresult = 0; 4066 unsigned char outbuf[1024]; 4067 EVP_CIPHER_CTX *ctx = NULL; 4068 EVP_CIPHER *type = NULL; 4069 unsigned char updated_iv[EVP_MAX_IV_LENGTH]; 4070 int iv_len; 4071 char *errmsg = NULL; 4072 4073 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 4074 errmsg = "CTX_ALLOC"; 4075 goto err; 4076 } 4077 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { 4078 TEST_info("cipher %s not supported, skipping", t->cipher); 4079 goto ok; 4080 } 4081 4082 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 4083 errmsg = "CIPHER_INIT"; 4084 goto err; 4085 } 4086 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 4087 errmsg = "PADDING"; 4088 goto err; 4089 } 4090 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { 4091 errmsg = "CIPHER_UPDATE"; 4092 goto err; 4093 } 4094 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { 4095 errmsg = "CIPHER_CTX_GET_UPDATED_IV"; 4096 goto err; 4097 } 4098 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) { 4099 errmsg = "CIPHER_CTX_GET_IV_LEN"; 4100 goto err; 4101 } 4102 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { 4103 errmsg = "IV_NOT_UPDATED"; 4104 goto err; 4105 } 4106 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4107 errmsg = "CIPHER_FINAL"; 4108 goto err; 4109 } 4110 ok: 4111 testresult = 1; 4112 err: 4113 if (errmsg != NULL) 4114 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); 4115 EVP_CIPHER_CTX_free(ctx); 4116 EVP_CIPHER_free(type); 4117 return testresult; 4118} 4119 4120typedef struct { 4121 const unsigned char *iv1; 4122 const unsigned char *iv2; 4123 const unsigned char *expected1; 4124 const unsigned char *expected2; 4125 const unsigned char *tag1; 4126 const unsigned char *tag2; 4127 size_t ivlen1; 4128 size_t ivlen2; 4129 size_t expectedlen1; 4130 size_t expectedlen2; 4131} TEST_GCM_IV_REINIT_st; 4132 4133static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { 4134 { 4135 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, 4136 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), 4137 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) 4138 }, 4139 { 4140 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, 4141 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), 4142 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) 4143 } 4144}; 4145 4146static int test_gcm_reinit(int idx) 4147{ 4148 int outlen1, outlen2, outlen3; 4149 int testresult = 0; 4150 unsigned char outbuf[1024]; 4151 unsigned char tag[16]; 4152 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; 4153 EVP_CIPHER_CTX *ctx = NULL; 4154 EVP_CIPHER *type = NULL; 4155 size_t taglen = sizeof(tag); 4156 char *errmsg = NULL; 4157 4158 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 4159 errmsg = "CTX_ALLOC"; 4160 goto err; 4161 } 4162 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) { 4163 errmsg = "CIPHER_FETCH"; 4164 goto err; 4165 } 4166 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { 4167 errmsg = "ENC_INIT"; 4168 goto err; 4169 } 4170 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { 4171 errmsg = "SET_IVLEN1"; 4172 goto err; 4173 } 4174 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { 4175 errmsg = "SET_IV1"; 4176 goto err; 4177 } 4178 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 4179 errmsg = "AAD1"; 4180 goto err; 4181 } 4182 EVP_CIPHER_CTX_set_padding(ctx, 0); 4183 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 4184 sizeof(gcmResetPlaintext)))) { 4185 errmsg = "CIPHER_UPDATE1"; 4186 goto err; 4187 } 4188 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4189 errmsg = "CIPHER_FINAL1"; 4190 goto err; 4191 } 4192 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { 4193 errmsg = "WRONG_RESULT1"; 4194 goto err; 4195 } 4196 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4197 errmsg = "GET_TAG1"; 4198 goto err; 4199 } 4200 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { 4201 errmsg = "TAG_ERROR1"; 4202 goto err; 4203 } 4204 /* Now reinit */ 4205 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { 4206 errmsg = "SET_IVLEN2"; 4207 goto err; 4208 } 4209 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { 4210 errmsg = "SET_IV2"; 4211 goto err; 4212 } 4213 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 4214 errmsg = "AAD2"; 4215 goto err; 4216 } 4217 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 4218 sizeof(gcmResetPlaintext)))) { 4219 errmsg = "CIPHER_UPDATE2"; 4220 goto err; 4221 } 4222 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4223 errmsg = "CIPHER_FINAL2"; 4224 goto err; 4225 } 4226 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { 4227 errmsg = "WRONG_RESULT2"; 4228 goto err; 4229 } 4230 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4231 errmsg = "GET_TAG2"; 4232 goto err; 4233 } 4234 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { 4235 errmsg = "TAG_ERROR2"; 4236 goto err; 4237 } 4238 testresult = 1; 4239 err: 4240 if (errmsg != NULL) 4241 TEST_info("evp_init_test %d: %s", idx, errmsg); 4242 EVP_CIPHER_CTX_free(ctx); 4243 EVP_CIPHER_free(type); 4244 return testresult; 4245} 4246 4247static const char *ivlen_change_ciphers[] = { 4248 "AES-256-GCM", 4249#ifndef OPENSSL_NO_OCB 4250 "AES-256-OCB", 4251#endif 4252 "AES-256-CCM" 4253}; 4254 4255/* Negative test for ivlen change after iv being set */ 4256static int test_ivlen_change(int idx) 4257{ 4258 int outlen; 4259 int res = 0; 4260 unsigned char outbuf[1024]; 4261 static const unsigned char iv[] = { 4262 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 4263 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 4264 }; 4265 EVP_CIPHER_CTX *ctx = NULL; 4266 EVP_CIPHER *ciph = NULL; 4267 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 4268 size_t ivlen = 13; /* non-default IV length */ 4269 4270 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 4271 goto err; 4272 4273 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], 4274 testpropq))) 4275 goto err; 4276 4277 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) 4278 goto err; 4279 4280 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 4281 sizeof(gcmDefaultPlaintext)))) 4282 goto err; 4283 4284 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 4285 &ivlen); 4286 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 4287 goto err; 4288 4289 ERR_set_mark(); 4290 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 4291 sizeof(gcmDefaultPlaintext)))) { 4292 ERR_clear_last_mark(); 4293 goto err; 4294 } 4295 ERR_pop_to_mark(); 4296 4297 res = 1; 4298 err: 4299 EVP_CIPHER_CTX_free(ctx); 4300 EVP_CIPHER_free(ciph); 4301 return res; 4302} 4303 4304static const char *keylen_change_ciphers[] = { 4305#ifndef OPENSSL_NO_BF 4306 "BF-ECB", 4307#endif 4308#ifndef OPENSSL_NO_CAST 4309 "CAST5-ECB", 4310#endif 4311#ifndef OPENSSL_NO_RC2 4312 "RC2-ECB", 4313#endif 4314#ifndef OPENSSL_NO_RC4 4315 "RC4", 4316#endif 4317#ifndef OPENSSL_NO_RC5 4318 "RC5-ECB", 4319#endif 4320 NULL 4321}; 4322 4323/* Negative test for keylen change after key was set */ 4324static int test_keylen_change(int idx) 4325{ 4326 int outlen; 4327 int res = 0; 4328 unsigned char outbuf[1024]; 4329 static const unsigned char key[] = { 4330 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 4331 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 4332 }; 4333 EVP_CIPHER_CTX *ctx = NULL; 4334 EVP_CIPHER *ciph = NULL; 4335 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 4336 size_t keylen = 12; /* non-default key length */ 4337 4338 if (lgcyprov == NULL) 4339 return TEST_skip("Test requires legacy provider to be loaded"); 4340 4341 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 4342 goto err; 4343 4344 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], 4345 testpropq))) 4346 goto err; 4347 4348 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) 4349 goto err; 4350 4351 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 4352 sizeof(gcmDefaultPlaintext)))) 4353 goto err; 4354 4355 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 4356 &keylen); 4357 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 4358 goto err; 4359 4360 ERR_set_mark(); 4361 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 4362 sizeof(gcmDefaultPlaintext)))) { 4363 ERR_clear_last_mark(); 4364 goto err; 4365 } 4366 ERR_pop_to_mark(); 4367 4368 res = 1; 4369 err: 4370 EVP_CIPHER_CTX_free(ctx); 4371 EVP_CIPHER_free(ciph); 4372 return res; 4373} 4374 4375#ifndef OPENSSL_NO_DEPRECATED_3_0 4376static EVP_PKEY_METHOD *custom_pmeth = NULL; 4377static const EVP_PKEY_METHOD *orig_pmeth = NULL; 4378 4379# define EVP_PKEY_CTRL_MY_COMMAND 9999 4380 4381static int custom_pmeth_init(EVP_PKEY_CTX *ctx) 4382{ 4383 int (*pinit)(EVP_PKEY_CTX *ctx); 4384 4385 EVP_PKEY_meth_get_init(orig_pmeth, &pinit); 4386 return pinit(ctx); 4387} 4388 4389static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx) 4390{ 4391 void (*pcleanup)(EVP_PKEY_CTX *ctx); 4392 4393 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup); 4394 pcleanup(ctx); 4395} 4396 4397static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, 4398 size_t *outlen, const unsigned char *in, 4399 size_t inlen) 4400{ 4401 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 4402 const unsigned char *tbs, size_t tbslen); 4403 4404 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); 4405 return psign(ctx, out, outlen, in, inlen); 4406} 4407 4408static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, 4409 size_t *siglen, const unsigned char *tbs, 4410 size_t tbslen) 4411{ 4412 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 4413 const unsigned char *tbs, size_t tbslen); 4414 4415 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); 4416 return pdigestsign(ctx, sig, siglen, tbs, tbslen); 4417} 4418 4419static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 4420 size_t *keylen) 4421{ 4422 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 4423 4424 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive); 4425 return pderive(ctx, key, keylen); 4426} 4427 4428static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 4429{ 4430 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 4431 4432 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy); 4433 return pcopy(dst, src); 4434} 4435 4436static int ctrl_called; 4437 4438static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 4439{ 4440 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 4441 4442 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL); 4443 4444 if (type == EVP_PKEY_CTRL_MY_COMMAND) { 4445 ctrl_called = 1; 4446 return 1; 4447 } 4448 4449 return pctrl(ctx, type, p1, p2); 4450} 4451 4452static int test_custom_pmeth(int idx) 4453{ 4454 EVP_PKEY_CTX *pctx = NULL; 4455 EVP_MD_CTX *ctx = NULL; 4456 EVP_PKEY *pkey = NULL; 4457 int id, orig_id, orig_flags; 4458 int testresult = 0; 4459 size_t reslen; 4460 unsigned char *res = NULL; 4461 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' }; 4462 const EVP_MD *md = EVP_sha256(); 4463 int doderive = 0; 4464 4465 ctrl_called = 0; 4466 4467 /* We call deprecated APIs so this test doesn't support a custom libctx */ 4468 if (testctx != NULL) 4469 return 1; 4470 4471 switch(idx) { 4472 case 0: 4473 case 6: 4474 id = EVP_PKEY_RSA; 4475 pkey = load_example_rsa_key(); 4476 break; 4477 case 1: 4478 case 7: 4479# ifndef OPENSSL_NO_DSA 4480 id = EVP_PKEY_DSA; 4481 pkey = load_example_dsa_key(); 4482 break; 4483# else 4484 return 1; 4485# endif 4486 case 2: 4487 case 8: 4488# ifndef OPENSSL_NO_EC 4489 id = EVP_PKEY_EC; 4490 pkey = load_example_ec_key(); 4491 break; 4492# else 4493 return 1; 4494# endif 4495 case 3: 4496 case 9: 4497# ifndef OPENSSL_NO_EC 4498 id = EVP_PKEY_ED25519; 4499 md = NULL; 4500 pkey = load_example_ed25519_key(); 4501 break; 4502# else 4503 return 1; 4504# endif 4505 case 4: 4506 case 10: 4507# ifndef OPENSSL_NO_DH 4508 id = EVP_PKEY_DH; 4509 doderive = 1; 4510 pkey = load_example_dh_key(); 4511 break; 4512# else 4513 return 1; 4514# endif 4515 case 5: 4516 case 11: 4517# ifndef OPENSSL_NO_EC 4518 id = EVP_PKEY_X25519; 4519 doderive = 1; 4520 pkey = load_example_x25519_key(); 4521 break; 4522# else 4523 return 1; 4524# endif 4525 default: 4526 TEST_error("Should not happen"); 4527 goto err; 4528 } 4529 4530 if (!TEST_ptr(pkey)) 4531 goto err; 4532 4533 if (idx < 6) { 4534 if (!TEST_true(evp_pkey_is_provided(pkey))) 4535 goto err; 4536 } else { 4537 EVP_PKEY *tmp = pkey; 4538 4539 /* Convert to a legacy key */ 4540 pkey = EVP_PKEY_new(); 4541 if (!TEST_ptr(pkey)) { 4542 pkey = tmp; 4543 goto err; 4544 } 4545 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) { 4546 EVP_PKEY_free(tmp); 4547 goto err; 4548 } 4549 EVP_PKEY_free(tmp); 4550 if (!TEST_true(evp_pkey_is_legacy(pkey))) 4551 goto err; 4552 } 4553 4554 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) 4555 || !TEST_ptr(pkey)) 4556 goto err; 4557 4558 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); 4559 if (!TEST_int_eq(orig_id, id) 4560 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) 4561 goto err; 4562 4563 if (id == EVP_PKEY_ED25519) { 4564 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); 4565 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { 4566 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); 4567 } else { 4568 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 4569 } 4570 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) { 4571 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init); 4572 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup); 4573 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy); 4574 } 4575 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL); 4576 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth))) 4577 goto err; 4578 4579 if (doderive) { 4580 pctx = EVP_PKEY_CTX_new(pkey, NULL); 4581 if (!TEST_ptr(pctx) 4582 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) 4583 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 4584 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 4585 1) 4586 || !TEST_int_eq(ctrl_called, 1) 4587 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) 4588 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) 4589 || !TEST_ptr(res = OPENSSL_malloc(reslen)) 4590 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) 4591 goto err; 4592 } else { 4593 ctx = EVP_MD_CTX_new(); 4594 reslen = EVP_PKEY_size(pkey); 4595 res = OPENSSL_malloc(reslen); 4596 if (!TEST_ptr(ctx) 4597 || !TEST_ptr(res) 4598 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) 4599 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 4600 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 4601 1) 4602 || !TEST_int_eq(ctrl_called, 1)) 4603 goto err; 4604 4605 if (id == EVP_PKEY_ED25519) { 4606 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg)))) 4607 goto err; 4608 } else { 4609 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) 4610 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) 4611 goto err; 4612 } 4613 } 4614 4615 testresult = 1; 4616 err: 4617 OPENSSL_free(res); 4618 EVP_MD_CTX_free(ctx); 4619 if (doderive) 4620 EVP_PKEY_CTX_free(pctx); 4621 EVP_PKEY_free(pkey); 4622 EVP_PKEY_meth_remove(custom_pmeth); 4623 EVP_PKEY_meth_free(custom_pmeth); 4624 custom_pmeth = NULL; 4625 return testresult; 4626} 4627 4628static int test_evp_md_cipher_meth(void) 4629{ 4630 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); 4631 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); 4632 int testresult = 0; 4633 4634 if (!TEST_ptr(md) || !TEST_ptr(ciph)) 4635 goto err; 4636 4637 testresult = 1; 4638 4639 err: 4640 EVP_MD_meth_free(md); 4641 EVP_CIPHER_meth_free(ciph); 4642 4643 return testresult; 4644} 4645 4646typedef struct { 4647 int data; 4648} custom_dgst_ctx; 4649 4650static int custom_md_init_called = 0; 4651static int custom_md_cleanup_called = 0; 4652 4653static int custom_md_init(EVP_MD_CTX *ctx) 4654{ 4655 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 4656 4657 if (p == NULL) 4658 return 0; 4659 4660 custom_md_init_called++; 4661 return 1; 4662} 4663 4664static int custom_md_cleanup(EVP_MD_CTX *ctx) 4665{ 4666 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 4667 4668 if (p == NULL) 4669 /* Nothing to do */ 4670 return 1; 4671 4672 custom_md_cleanup_called++; 4673 return 1; 4674} 4675 4676static int test_custom_md_meth(void) 4677{ 4678 EVP_MD_CTX *mdctx = NULL; 4679 EVP_MD *tmp = NULL; 4680 char mess[] = "Test Message\n"; 4681 unsigned char md_value[EVP_MAX_MD_SIZE]; 4682 unsigned int md_len; 4683 int testresult = 0; 4684 int nid; 4685 4686 /* 4687 * We are testing deprecated functions. We don't support a non-default 4688 * library context in this test. 4689 */ 4690 if (testctx != NULL) 4691 return TEST_skip("Non-default libctx"); 4692 4693 custom_md_init_called = custom_md_cleanup_called = 0; 4694 4695 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); 4696 if (!TEST_int_ne(nid, NID_undef)) 4697 goto err; 4698 tmp = EVP_MD_meth_new(nid, NID_undef); 4699 if (!TEST_ptr(tmp)) 4700 goto err; 4701 4702 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) 4703 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) 4704 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, 4705 sizeof(custom_dgst_ctx)))) 4706 goto err; 4707 4708 mdctx = EVP_MD_CTX_new(); 4709 if (!TEST_ptr(mdctx) 4710 /* 4711 * Initing our custom md and then initing another md should 4712 * result in the init and cleanup functions of the custom md 4713 * being called. 4714 */ 4715 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) 4716 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) 4717 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) 4718 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) 4719 || !TEST_int_eq(custom_md_init_called, 1) 4720 || !TEST_int_eq(custom_md_cleanup_called, 1)) 4721 goto err; 4722 4723 testresult = 1; 4724 err: 4725 EVP_MD_CTX_free(mdctx); 4726 EVP_MD_meth_free(tmp); 4727 return testresult; 4728} 4729 4730typedef struct { 4731 int data; 4732} custom_ciph_ctx; 4733 4734static int custom_ciph_init_called = 0; 4735static int custom_ciph_cleanup_called = 0; 4736 4737static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 4738 const unsigned char *iv, int enc) 4739{ 4740 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 4741 4742 if (p == NULL) 4743 return 0; 4744 4745 custom_ciph_init_called++; 4746 return 1; 4747} 4748 4749static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) 4750{ 4751 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 4752 4753 if (p == NULL) 4754 /* Nothing to do */ 4755 return 1; 4756 4757 custom_ciph_cleanup_called++; 4758 return 1; 4759} 4760 4761static int test_custom_ciph_meth(void) 4762{ 4763 EVP_CIPHER_CTX *ciphctx = NULL; 4764 EVP_CIPHER *tmp = NULL; 4765 int testresult = 0; 4766 int nid; 4767 4768 /* 4769 * We are testing deprecated functions. We don't support a non-default 4770 * library context in this test. 4771 */ 4772 if (testctx != NULL) 4773 return TEST_skip("Non-default libctx"); 4774 4775 custom_ciph_init_called = custom_ciph_cleanup_called = 0; 4776 4777 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); 4778 if (!TEST_int_ne(nid, NID_undef)) 4779 goto err; 4780 tmp = EVP_CIPHER_meth_new(nid, 16, 16); 4781 if (!TEST_ptr(tmp)) 4782 goto err; 4783 4784 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) 4785 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) 4786 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) 4787 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, 4788 sizeof(custom_ciph_ctx)))) 4789 goto err; 4790 4791 ciphctx = EVP_CIPHER_CTX_new(); 4792 if (!TEST_ptr(ciphctx) 4793 /* 4794 * Initing our custom cipher and then initing another cipher 4795 * should result in the init and cleanup functions of the custom 4796 * cipher being called. 4797 */ 4798 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) 4799 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, 4800 NULL, NULL, 1)) 4801 || !TEST_int_eq(custom_ciph_init_called, 1) 4802 || !TEST_int_eq(custom_ciph_cleanup_called, 1)) 4803 goto err; 4804 4805 testresult = 1; 4806 err: 4807 EVP_CIPHER_CTX_free(ciphctx); 4808 EVP_CIPHER_meth_free(tmp); 4809 return testresult; 4810} 4811 4812# ifndef OPENSSL_NO_DYNAMIC_ENGINE 4813/* Test we can create a signature keys with an associated ENGINE */ 4814static int test_signatures_with_engine(int tst) 4815{ 4816 ENGINE *e; 4817 const char *engine_id = "dasync"; 4818 EVP_PKEY *pkey = NULL; 4819 const unsigned char badcmackey[] = { 0x00, 0x01 }; 4820 const unsigned char cmackey[] = { 4821 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4822 0x0c, 0x0d, 0x0e, 0x0f 4823 }; 4824 const unsigned char ed25519key[] = { 4825 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4826 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 4827 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 4828 }; 4829 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 4830 int testresult = 0; 4831 EVP_MD_CTX *ctx = NULL; 4832 unsigned char *mac = NULL; 4833 size_t maclen = 0; 4834 int ret; 4835 4836# ifdef OPENSSL_NO_CMAC 4837 /* Skip CMAC tests in a no-cmac build */ 4838 if (tst <= 1) 4839 return 1; 4840# endif 4841 4842 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 4843 return 0; 4844 4845 if (!TEST_true(ENGINE_init(e))) { 4846 ENGINE_free(e); 4847 return 0; 4848 } 4849 4850 switch (tst) { 4851 case 0: 4852 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 4853 EVP_aes_128_cbc()); 4854 break; 4855 case 1: 4856 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 4857 EVP_aes_128_cbc()); 4858 break; 4859 case 2: 4860 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 4861 sizeof(ed25519key)); 4862 break; 4863 default: 4864 TEST_error("Invalid test case"); 4865 goto err; 4866 } 4867 if (!TEST_ptr(pkey)) 4868 goto err; 4869 4870 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 4871 goto err; 4872 4873 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 4874 pkey); 4875 if (tst == 0) { 4876 if (!TEST_true(ret)) 4877 goto err; 4878 4879 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 4880 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 4881 goto err; 4882 4883 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 4884 goto err; 4885 4886 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 4887 goto err; 4888 } else { 4889 /* We used a bad key. We expect a failure here */ 4890 if (!TEST_false(ret)) 4891 goto err; 4892 } 4893 4894 testresult = 1; 4895 err: 4896 EVP_MD_CTX_free(ctx); 4897 OPENSSL_free(mac); 4898 EVP_PKEY_free(pkey); 4899 ENGINE_finish(e); 4900 ENGINE_free(e); 4901 4902 return testresult; 4903} 4904 4905static int test_cipher_with_engine(void) 4906{ 4907 ENGINE *e; 4908 const char *engine_id = "dasync"; 4909 const unsigned char keyiv[] = { 4910 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4911 0x0c, 0x0d, 0x0e, 0x0f 4912 }; 4913 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 4914 int testresult = 0; 4915 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; 4916 unsigned char buf[AES_BLOCK_SIZE]; 4917 int len = 0; 4918 4919 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 4920 return 0; 4921 4922 if (!TEST_true(ENGINE_init(e))) { 4923 ENGINE_free(e); 4924 return 0; 4925 } 4926 4927 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4928 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) 4929 goto err; 4930 4931 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) 4932 goto err; 4933 4934 /* Copy the ctx, and complete the operation with the new ctx */ 4935 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) 4936 goto err; 4937 4938 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) 4939 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) 4940 goto err; 4941 4942 testresult = 1; 4943 err: 4944 EVP_CIPHER_CTX_free(ctx); 4945 EVP_CIPHER_CTX_free(ctx2); 4946 ENGINE_finish(e); 4947 ENGINE_free(e); 4948 4949 return testresult; 4950} 4951# endif /* OPENSSL_NO_DYNAMIC_ENGINE */ 4952#endif /* OPENSSL_NO_DEPRECATED_3_0 */ 4953 4954static int ecxnids[] = { 4955 NID_X25519, 4956 NID_X448, 4957 NID_ED25519, 4958 NID_ED448 4959}; 4960 4961/* Test that creating ECX keys with a short private key fails as expected */ 4962static int test_ecx_short_keys(int tst) 4963{ 4964 unsigned char ecxkeydata = 1; 4965 EVP_PKEY *pkey; 4966 4967 4968 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]), 4969 NULL, &ecxkeydata, 1); 4970 if (!TEST_ptr_null(pkey)) { 4971 EVP_PKEY_free(pkey); 4972 return 0; 4973 } 4974 4975 return 1; 4976} 4977 4978typedef enum OPTION_choice { 4979 OPT_ERR = -1, 4980 OPT_EOF = 0, 4981 OPT_CONTEXT, 4982 OPT_TEST_ENUM 4983} OPTION_CHOICE; 4984 4985const OPTIONS *test_get_options(void) 4986{ 4987 static const OPTIONS options[] = { 4988 OPT_TEST_OPTIONS_DEFAULT_USAGE, 4989 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, 4990 { NULL } 4991 }; 4992 return options; 4993} 4994 4995#ifndef OPENSSL_NO_EC 4996/* Test that trying to sign with a public key errors out gracefully */ 4997static int test_ecx_not_private_key(int tst) 4998{ 4999 EVP_PKEY *pkey = NULL; 5000 5001 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 5002 int testresult = 0; 5003 EVP_MD_CTX *ctx = NULL; 5004 unsigned char *mac = NULL; 5005 size_t maclen = 0; 5006 unsigned char *pubkey; 5007 size_t pubkeylen; 5008 5009 switch (keys[tst].type) { 5010 case NID_X25519: 5011 case NID_X448: 5012 return TEST_skip("signing not supported for X25519/X448"); 5013 } 5014 5015 /* Check if this algorithm supports public keys */ 5016 if (keys[tst].pub == NULL) 5017 return TEST_skip("no public key present"); 5018 5019 pubkey = (unsigned char *)keys[tst].pub; 5020 pubkeylen = strlen(keys[tst].pub); 5021 5022 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type), 5023 NULL, pubkey, pubkeylen); 5024 if (!TEST_ptr(pkey)) 5025 goto err; 5026 5027 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 5028 goto err; 5029 5030 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) 5031 goto check_err; 5032 5033 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1) 5034 goto check_err; 5035 5036 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 5037 goto err; 5038 5039 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0)) 5040 goto err; 5041 5042 check_err: 5043 /* 5044 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY, 5045 * but we relax the check to allow error also thrown by 5046 * EVP_DigestSignInit and EVP_DigestSign. 5047 */ 5048 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) { 5049 testresult = 1; 5050 ERR_clear_error(); 5051 } 5052 5053 err: 5054 EVP_MD_CTX_free(ctx); 5055 OPENSSL_free(mac); 5056 EVP_PKEY_free(pkey); 5057 5058 return testresult; 5059} 5060#endif /* OPENSSL_NO_EC */ 5061 5062static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, 5063 const unsigned char *gcm_iv, size_t gcm_ivlen, 5064 const unsigned char *gcm_pt, size_t gcm_pt_s, 5065 const unsigned char *gcm_aad, size_t gcm_aad_s, 5066 const unsigned char *gcm_ct, size_t gcm_ct_s, 5067 const unsigned char *gcm_tag, size_t gcm_tag_s) 5068{ 5069 int ret = 0; 5070 EVP_CIPHER_CTX *ctx; 5071 EVP_CIPHER *cipher = NULL; 5072 int outlen, tmplen; 5073 unsigned char outbuf[1024]; 5074 unsigned char outtag[16]; 5075 OSSL_PARAM params[2] = { 5076 OSSL_PARAM_END, OSSL_PARAM_END 5077 }; 5078 5079 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 5080 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) 5081 goto err; 5082 5083 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5084 &gcm_ivlen); 5085 5086 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 5087 || (gcm_aad != NULL 5088 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 5089 gcm_aad, gcm_aad_s))) 5090 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 5091 gcm_pt, gcm_pt_s)) 5092 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 5093 goto err; 5094 5095 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 5096 outtag, sizeof(outtag)); 5097 5098 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) 5099 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) 5100 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) 5101 goto err; 5102 5103 ret = 1; 5104err: 5105 EVP_CIPHER_free(cipher); 5106 EVP_CIPHER_CTX_free(ctx); 5107 5108 return ret; 5109} 5110 5111static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, 5112 const unsigned char *gcm_iv, size_t gcm_ivlen, 5113 const unsigned char *gcm_pt, size_t gcm_pt_s, 5114 const unsigned char *gcm_aad, size_t gcm_aad_s, 5115 const unsigned char *gcm_ct, size_t gcm_ct_s, 5116 const unsigned char *gcm_tag, size_t gcm_tag_s) 5117{ 5118 int ret = 0; 5119 EVP_CIPHER_CTX *ctx; 5120 EVP_CIPHER *cipher = NULL; 5121 int outlen; 5122 unsigned char outbuf[1024]; 5123 OSSL_PARAM params[2] = { 5124 OSSL_PARAM_END, OSSL_PARAM_END 5125 }; 5126 5127 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 5128 goto err; 5129 5130 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL) 5131 goto err; 5132 5133 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5134 &gcm_ivlen); 5135 5136 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 5137 || (gcm_aad != NULL 5138 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, 5139 gcm_aad, gcm_aad_s))) 5140 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 5141 gcm_ct, gcm_ct_s)) 5142 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) 5143 goto err; 5144 5145 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 5146 (void*)gcm_tag, gcm_tag_s); 5147 5148 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 5149 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) 5150 goto err; 5151 5152 ret = 1; 5153err: 5154 EVP_CIPHER_free(cipher); 5155 EVP_CIPHER_CTX_free(ctx); 5156 5157 return ret; 5158} 5159 5160static int test_aes_gcm_ivlen_change_cve_2023_5363(void) 5161{ 5162 /* AES-GCM test data obtained from NIST public test vectors */ 5163 static const unsigned char gcm_key[] = { 5164 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, 5165 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, 5166 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b, 5167 }; 5168 static const unsigned char gcm_iv[] = { 5169 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, 5170 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca, 5171 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14, 5172 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09, 5173 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8, 5174 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24, 5175 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0, 5176 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, 5177 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, 5178 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, 5179 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d, 5180 }; 5181 static const unsigned char gcm_pt[] = { 5182 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, 5183 0x4f, 0xe3, 0x6f, 0x81, 5184 }; 5185 static const unsigned char gcm_ct[] = { 5186 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, 5187 0xe2, 0xd0, 0xec, 0xed, 5188 }; 5189 static const unsigned char gcm_tag[] = { 5190 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, 5191 0xdb, 0x99, 0x6c, 0x21, 5192 }; 5193 5194 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 5195 gcm_pt, sizeof(gcm_pt), NULL, 0, 5196 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) 5197 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 5198 gcm_pt, sizeof(gcm_pt), NULL, 0, 5199 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); 5200} 5201 5202#ifndef OPENSSL_NO_RC4 5203static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, 5204 const unsigned char *rc4_pt, size_t rc4_pt_s, 5205 const unsigned char *rc4_ct, size_t rc4_ct_s) 5206{ 5207 int ret = 0; 5208 EVP_CIPHER_CTX *ctx; 5209 EVP_CIPHER *cipher = NULL; 5210 int outlen, tmplen; 5211 unsigned char outbuf[1024]; 5212 OSSL_PARAM params[2] = { 5213 OSSL_PARAM_END, OSSL_PARAM_END 5214 }; 5215 5216 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 5217 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) 5218 goto err; 5219 5220 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5221 &rc4_key_s); 5222 5223 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 5224 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 5225 rc4_pt, rc4_pt_s)) 5226 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 5227 goto err; 5228 5229 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) 5230 goto err; 5231 5232 ret = 1; 5233err: 5234 EVP_CIPHER_free(cipher); 5235 EVP_CIPHER_CTX_free(ctx); 5236 5237 return ret; 5238} 5239 5240static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, 5241 const unsigned char *rc4_pt, size_t rc4_pt_s, 5242 const unsigned char *rc4_ct, size_t rc4_ct_s) 5243{ 5244 int ret = 0; 5245 EVP_CIPHER_CTX *ctx; 5246 EVP_CIPHER *cipher = NULL; 5247 int outlen; 5248 unsigned char outbuf[1024]; 5249 OSSL_PARAM params[2] = { 5250 OSSL_PARAM_END, OSSL_PARAM_END 5251 }; 5252 5253 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 5254 goto err; 5255 5256 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL) 5257 goto err; 5258 5259 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5260 &rc4_key_s); 5261 5262 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 5263 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 5264 rc4_ct, rc4_ct_s)) 5265 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) 5266 goto err; 5267 5268 ret = 1; 5269err: 5270 EVP_CIPHER_free(cipher); 5271 EVP_CIPHER_CTX_free(ctx); 5272 5273 return ret; 5274} 5275 5276static int test_aes_rc4_keylen_change_cve_2023_5363(void) 5277{ 5278 /* RC4 test data obtained from RFC 6229 */ 5279 static const struct { 5280 unsigned char key[5]; 5281 unsigned char padding[11]; 5282 } rc4_key = { 5283 { /* Five bytes of key material */ 5284 0x83, 0x32, 0x22, 0x77, 0x2a, 5285 }, 5286 { /* Random padding to 16 bytes */ 5287 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 5288 } 5289 }; 5290 static const unsigned char rc4_pt[] = { 5291 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 5292 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 5293 }; 5294 static const unsigned char rc4_ct[] = { 5295 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 5296 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda 5297 }; 5298 5299 if (lgcyprov == NULL) 5300 return TEST_skip("Test requires legacy provider to be loaded"); 5301 5302 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), 5303 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) 5304 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), 5305 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); 5306} 5307#endif 5308 5309int setup_tests(void) 5310{ 5311 OPTION_CHOICE o; 5312 5313 while ((o = opt_next()) != OPT_EOF) { 5314 switch (o) { 5315 case OPT_CONTEXT: 5316 /* Set up an alternate library context */ 5317 testctx = OSSL_LIB_CTX_new(); 5318 if (!TEST_ptr(testctx)) 5319 return 0; 5320#ifdef STATIC_LEGACY 5321 /* 5322 * This test is always statically linked against libcrypto. We must not 5323 * attempt to load legacy.so that might be dynamically linked against 5324 * libcrypto. Instead we use a built-in version of the legacy provider. 5325 */ 5326 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) 5327 return 0; 5328#endif 5329 /* Swap the libctx to test non-default context only */ 5330 nullprov = OSSL_PROVIDER_load(NULL, "null"); 5331 deflprov = OSSL_PROVIDER_load(testctx, "default"); 5332 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 5333 break; 5334 case OPT_TEST_CASES: 5335 break; 5336 default: 5337 return 0; 5338 } 5339 } 5340 5341 ADD_TEST(test_EVP_set_default_properties); 5342 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); 5343 ADD_TEST(test_EVP_DigestVerifyInit); 5344#ifndef OPENSSL_NO_SIPHASH 5345 ADD_TEST(test_siphash_digestsign); 5346#endif 5347 ADD_TEST(test_EVP_Digest); 5348 ADD_TEST(test_EVP_md_null); 5349 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); 5350#ifndef OPENSSL_NO_DEPRECATED_3_0 5351 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); 5352#endif 5353 ADD_ALL_TESTS(test_EVP_Enveloped, 2); 5354 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 5355 ADD_TEST(test_privatekey_to_pkcs8); 5356 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); 5357#ifndef OPENSSL_NO_EC 5358 ADD_TEST(test_EVP_PKCS82PKEY); 5359#endif 5360#ifndef OPENSSL_NO_EC 5361 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); 5362#endif 5363#if !defined(OPENSSL_NO_SM2) 5364 ADD_TEST(test_EVP_SM2); 5365 ADD_TEST(test_EVP_SM2_verify); 5366#endif 5367 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 5368#ifndef OPENSSL_NO_DEPRECATED_3_0 5369 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 5370 if (!TEST_ptr(custom_pmeth)) 5371 return 0; 5372 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 5373 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 5374 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 5375 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 5376 return 0; 5377#endif 5378 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 5379#ifndef OPENSSL_NO_CMAC 5380 ADD_TEST(test_CMAC_keygen); 5381#endif 5382 ADD_TEST(test_HKDF); 5383 ADD_TEST(test_emptyikm_HKDF); 5384#ifndef OPENSSL_NO_EC 5385 ADD_TEST(test_X509_PUBKEY_inplace); 5386 ADD_TEST(test_X509_PUBKEY_dup); 5387 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 5388 OSSL_NELEM(ec_der_pub_keys)); 5389#endif 5390#ifndef OPENSSL_NO_DSA 5391 ADD_TEST(test_DSA_get_set_params); 5392 ADD_TEST(test_DSA_priv_pub); 5393#endif 5394 ADD_TEST(test_RSA_get_set_params); 5395 ADD_TEST(test_RSA_OAEP_set_get_params); 5396 ADD_TEST(test_RSA_OAEP_set_null_label); 5397#if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 5398 ADD_TEST(test_decrypt_null_chunks); 5399#endif 5400#ifndef OPENSSL_NO_DH 5401 ADD_TEST(test_DH_priv_pub); 5402# ifndef OPENSSL_NO_DEPRECATED_3_0 5403 ADD_TEST(test_EVP_PKEY_set1_DH); 5404# endif 5405#endif 5406#ifndef OPENSSL_NO_EC 5407 ADD_TEST(test_EC_priv_pub); 5408# ifndef OPENSSL_NO_DEPRECATED_3_0 5409 ADD_TEST(test_EC_priv_only_legacy); 5410# endif 5411#endif 5412 ADD_ALL_TESTS(test_keygen_with_empty_template, 2); 5413 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); 5414 5415 ADD_TEST(test_rand_agglomeration); 5416 ADD_ALL_TESTS(test_evp_iv_aes, 12); 5417#ifndef OPENSSL_NO_DES 5418 ADD_ALL_TESTS(test_evp_iv_des, 6); 5419#endif 5420#ifndef OPENSSL_NO_BF 5421 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4); 5422#endif 5423 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); 5424 ADD_TEST(test_EVP_rsa_pss_set_saltlen); 5425#ifndef OPENSSL_NO_EC 5426 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); 5427#endif 5428 5429 ADD_TEST(test_names_do_all); 5430 5431 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 5432 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 5433 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); 5434 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 5435 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 5436 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); 5437 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0) 5438 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1); 5439 5440#ifndef OPENSSL_NO_DEPRECATED_3_0 5441 ADD_ALL_TESTS(test_custom_pmeth, 12); 5442 ADD_TEST(test_evp_md_cipher_meth); 5443 ADD_TEST(test_custom_md_meth); 5444 ADD_TEST(test_custom_ciph_meth); 5445 5446# ifndef OPENSSL_NO_DYNAMIC_ENGINE 5447 /* Tests only support the default libctx */ 5448 if (testctx == NULL) { 5449# ifndef OPENSSL_NO_EC 5450 ADD_ALL_TESTS(test_signatures_with_engine, 3); 5451# else 5452 ADD_ALL_TESTS(test_signatures_with_engine, 2); 5453# endif 5454 ADD_TEST(test_cipher_with_engine); 5455 } 5456# endif 5457#endif 5458 5459 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); 5460 5461#ifndef OPENSSL_NO_EC 5462 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); 5463#endif 5464 5465 /* Test cases for CVE-2023-5363 */ 5466 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); 5467#ifndef OPENSSL_NO_RC4 5468 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); 5469#endif 5470 5471 return 1; 5472} 5473 5474void cleanup_tests(void) 5475{ 5476 OSSL_PROVIDER_unload(nullprov); 5477 OSSL_PROVIDER_unload(deflprov); 5478 OSSL_PROVIDER_unload(lgcyprov); 5479 OSSL_LIB_CTX_free(testctx); 5480} 5481