1 /* 2 * Copyright 2015-2024 The OpenSSL Project Authors. All Rights Reserved. 3 * 4 * Licensed under the Apache License 2.0 (the "License"). You may not use 5 * this file except in compliance with the License. You can obtain a copy 6 * in the file LICENSE in the source distribution or at 7 * https://www.openssl.org/source/license.html 8 */ 9 10 /* We need to use some deprecated APIs */ 11 #define OPENSSL_SUPPRESS_DEPRECATED 12 13 #include <stdio.h> 14 #include <stdlib.h> 15 #include <string.h> 16 #include <openssl/bio.h> 17 #include <openssl/conf.h> 18 #include <openssl/crypto.h> 19 #include <openssl/err.h> 20 #include <openssl/evp.h> 21 #include <openssl/x509.h> 22 #include <openssl/pem.h> 23 #include <openssl/kdf.h> 24 #include <openssl/provider.h> 25 #include <openssl/core_names.h> 26 #include <openssl/params.h> 27 #include <openssl/param_build.h> 28 #include <openssl/dsa.h> 29 #include <openssl/dh.h> 30 #include <openssl/aes.h> 31 #include <openssl/decoder.h> 32 #include <openssl/rsa.h> 33 #include <openssl/engine.h> 34 #include <openssl/proverr.h> 35 #include "testutil.h" 36 #include "internal/nelem.h" 37 #include "internal/sizes.h" 38 #include "crypto/evp.h" 39 40 #ifdef STATIC_LEGACY 41 OSSL_provider_init_fn ossl_legacy_provider_init; 42 #endif 43 44 static OSSL_LIB_CTX *testctx = NULL; 45 static char *testpropq = NULL; 46 47 static OSSL_PROVIDER *nullprov = NULL; 48 static OSSL_PROVIDER *deflprov = NULL; 49 static OSSL_PROVIDER *lgcyprov = NULL; 50 51 /* 52 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you 53 * should never use this key anywhere but in an example. 54 */ 55 static const unsigned char kExampleRSAKeyDER[] = { 56 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8, 57 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59, 58 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37, 59 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71, 60 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a, 61 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4, 62 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec, 63 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76, 64 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8, 65 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7, 66 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c, 67 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01, 68 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7, 69 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85, 70 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee, 71 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85, 72 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a, 73 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15, 74 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83, 75 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b, 76 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73, 77 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99, 78 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02, 79 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41, 80 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59, 81 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9, 82 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef, 83 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87, 84 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf, 85 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5, 86 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5, 87 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62, 88 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64, 89 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8, 90 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba, 91 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe, 92 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7, 93 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe, 94 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb, 95 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34, 96 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27, 97 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0, 98 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba, 99 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06, 100 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c, 101 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e, 102 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf, 103 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a, 104 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17, 105 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1, 106 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 107 }; 108 109 /* 110 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you 111 * should never use this key anywhere but in an example. 112 */ 113 #ifndef OPENSSL_NO_DSA 114 static const unsigned char kExampleDSAKeyDER[] = { 115 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a, 116 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d, 117 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f, 118 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42, 119 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38, 120 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e, 121 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e, 122 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04, 123 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4, 124 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b, 125 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14, 126 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e, 127 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3, 128 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef, 129 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f, 130 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef, 131 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38, 132 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f, 133 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4, 134 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d, 135 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86, 136 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6, 137 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a, 138 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19, 139 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff, 140 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f, 141 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0, 142 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69, 143 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07, 144 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9, 145 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79, 146 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f, 147 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c, 148 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12, 149 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45, 150 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8, 151 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe, 152 0x40, 0x48 153 }; 154 #endif 155 156 /* 157 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private 158 * components are not correct. 159 */ 160 static const unsigned char kExampleBadRSAKeyDER[] = { 161 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, 162 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, 163 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, 164 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, 165 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, 166 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, 167 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, 168 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, 169 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, 170 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, 171 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, 172 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, 173 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, 174 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, 175 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, 176 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, 177 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, 178 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, 179 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, 180 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, 181 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, 182 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, 183 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, 184 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, 185 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, 186 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, 187 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, 188 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, 189 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, 190 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, 191 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, 192 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, 193 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, 194 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, 195 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, 196 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, 197 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, 198 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, 199 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, 200 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, 201 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, 202 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, 203 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, 204 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, 205 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, 206 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, 207 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, 208 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, 209 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, 210 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, 211 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, 212 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, 213 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, 214 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, 215 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, 216 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, 217 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, 218 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, 219 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, 220 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, 221 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, 222 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, 223 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, 224 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, 225 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, 226 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, 227 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, 228 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, 229 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, 230 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, 231 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, 232 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, 233 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, 234 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, 235 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, 236 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, 237 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, 238 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, 239 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, 240 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, 241 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, 242 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, 243 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, 244 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, 245 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, 246 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, 247 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, 248 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, 249 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, 250 }; 251 252 /* 253 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All 254 * values are 0. 255 */ 256 static const unsigned char kExampleBad2RSAKeyDER[] = { 257 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 258 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 259 0x01, 0x00, 0x02, 0x01, 0x00 260 }; 261 262 static const unsigned char kMsg[] = { 1, 2, 3, 4 }; 263 264 static const unsigned char kSignature[] = { 265 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d, 266 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e, 267 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04, 268 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09, 269 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67, 270 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a, 271 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda, 272 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48, 273 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04, 274 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7, 275 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42, 276 }; 277 278 /* 279 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8 280 * PrivateKeyInfo. 281 */ 282 static const unsigned char kExampleRSAKeyPKCS8[] = { 283 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, 284 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, 285 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 286 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 287 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 288 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 289 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 290 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 291 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 292 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 293 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 294 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 295 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 296 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 297 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 298 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 299 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 300 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 301 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 302 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 303 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 304 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 305 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 306 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 307 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 308 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 309 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 310 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 311 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 312 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 313 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 314 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 315 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 316 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 317 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 318 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 319 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 320 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 321 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 322 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 323 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 324 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 325 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 326 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 327 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 328 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 329 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 330 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 331 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 332 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 333 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 334 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 335 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, 336 }; 337 338 #ifndef OPENSSL_NO_EC 339 /* 340 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey 341 * structure. 342 */ 343 static const unsigned char kExampleECKeyDER[] = { 344 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a, 345 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08, 346 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 347 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 348 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 349 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 350 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 351 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 352 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 353 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 354 0xc1, 355 }; 356 357 /* 358 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey 359 * structure. The private key is equal to the order and will fail to import 360 */ 361 static const unsigned char kExampleBadECKeyDER[] = { 362 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 363 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03, 364 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF, 365 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 366 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 367 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00, 368 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 369 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 370 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 371 }; 372 373 /* prime256v1 */ 374 static const unsigned char kExampleECPubKeyDER[] = { 375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 376 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 383 }; 384 385 /* 386 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID 387 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key 388 */ 389 static const unsigned char kExampleBadECPubKeyDER[] = { 390 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 391 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 392 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, 393 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, 394 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, 395 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, 396 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, 397 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 398 }; 399 400 static const unsigned char pExampleECParamDER[] = { 401 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 402 }; 403 404 static const unsigned char kExampleED25519KeyDER[] = { 405 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 406 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a, 407 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46, 408 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50 409 }; 410 411 static const unsigned char kExampleED25519PubKeyDER[] = { 412 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00, 413 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45, 414 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40, 415 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29 416 }; 417 418 # ifndef OPENSSL_NO_DEPRECATED_3_0 419 static const unsigned char kExampleX25519KeyDER[] = { 420 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e, 421 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6, 422 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac, 423 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e 424 }; 425 # endif 426 #endif 427 428 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */ 429 #ifndef OPENSSL_NO_DEPRECATED_3_0 430 # ifndef OPENSSL_NO_DH 431 static const unsigned char kExampleDHKeyDER[] = { 432 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09, 433 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87, 434 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d, 435 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e, 436 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63, 437 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81, 438 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f, 439 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53, 440 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53, 441 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f, 442 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74, 443 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34, 444 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53, 445 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3, 446 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a, 447 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9, 448 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0, 449 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48, 450 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1, 451 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43, 452 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f, 453 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f, 454 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97, 455 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06, 456 0x2e, 0x87, 0x2a, 0x0b, 0x7a 457 }; 458 # endif 459 #endif 460 461 static const unsigned char kCFBDefaultKey[] = { 462 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88, 463 0x09, 0xCF, 0x4F, 0x3C 464 }; 465 466 static const unsigned char kGCMDefaultKey[32] = { 0 }; 467 468 static const unsigned char kGCMResetKey[] = { 469 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94, 470 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 471 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 472 }; 473 474 static const unsigned char iCFBIV[] = { 475 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 476 0x0C, 0x0D, 0x0E, 0x0F 477 }; 478 479 static const unsigned char iGCMDefaultIV[12] = { 0 }; 480 481 static const unsigned char iGCMResetIV1[] = { 482 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad 483 }; 484 485 static const unsigned char iGCMResetIV2[] = { 486 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88 487 }; 488 489 static const unsigned char cfbPlaintext[] = { 490 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 491 0x73, 0x93, 0x17, 0x2A 492 }; 493 static const unsigned char cfbPlaintext_partial[] = { 494 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11, 495 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 496 }; 497 498 static const unsigned char gcmDefaultPlaintext[16] = { 0 }; 499 500 static const unsigned char gcmResetPlaintext[] = { 501 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5, 502 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, 503 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95, 504 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, 505 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39 506 }; 507 508 static const unsigned char cfbCiphertext[] = { 509 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 510 0xE8, 0x3C, 0xFB, 0x4A 511 }; 512 513 static const unsigned char cfbCiphertext_partial[] = { 514 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 515 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35 516 }; 517 518 static const unsigned char ofbCiphertext_partial[] = { 519 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8, 520 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09 521 }; 522 523 static const unsigned char gcmDefaultCiphertext[] = { 524 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3, 525 0xba, 0xf3, 0x9d, 0x18 526 }; 527 528 static const unsigned char gcmResetCiphertext1[] = { 529 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b, 530 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa, 531 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3, 532 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78, 533 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f 534 }; 535 536 static const unsigned char gcmResetCiphertext2[] = { 537 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3, 538 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, 539 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48, 540 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, 541 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62 542 }; 543 544 static const unsigned char gcmAAD[] = { 545 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce, 546 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2 547 }; 548 549 static const unsigned char gcmDefaultTag[] = { 550 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5, 551 0xd4, 0x8a, 0xb9, 0x19 552 }; 553 554 static const unsigned char gcmResetTag1[] = { 555 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13, 556 0xfe, 0x2e, 0xa8, 0xf2 557 }; 558 559 static const unsigned char gcmResetTag2[] = { 560 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53, 561 0xbb, 0x2d, 0x55, 0x1b 562 }; 563 564 typedef struct APK_DATA_st { 565 const unsigned char *kder; 566 size_t size; 567 const char *keytype; 568 int evptype; 569 int check; 570 int pub_check; 571 int param_check; 572 int type; /* 0 for private, 1 for public, 2 for params */ 573 } APK_DATA; 574 575 static APK_DATA keydata[] = { 576 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA}, 577 {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), "RSA", EVP_PKEY_RSA}, 578 #ifndef OPENSSL_NO_EC 579 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC} 580 #endif 581 }; 582 583 static APK_DATA keycheckdata[] = { 584 {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), "RSA", EVP_PKEY_RSA, 1, 1, 1, 585 0}, 586 {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), "RSA", EVP_PKEY_RSA, 587 0, 1, 1, 0}, 588 {kExampleBad2RSAKeyDER, sizeof(kExampleBad2RSAKeyDER), "RSA", EVP_PKEY_RSA, 589 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0}, 590 #ifndef OPENSSL_NO_EC 591 {kExampleECKeyDER, sizeof(kExampleECKeyDER), "EC", EVP_PKEY_EC, 1, 1, 1, 0}, 592 /* group is also associated in our pub key */ 593 {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), "EC", EVP_PKEY_EC, 0, 1, 594 1, 1}, 595 {pExampleECParamDER, sizeof(pExampleECParamDER), "EC", EVP_PKEY_EC, 0, 0, 1, 596 2}, 597 {kExampleED25519KeyDER, sizeof(kExampleED25519KeyDER), "ED25519", 598 EVP_PKEY_ED25519, 1, 1, 1, 0}, 599 {kExampleED25519PubKeyDER, sizeof(kExampleED25519PubKeyDER), "ED25519", 600 EVP_PKEY_ED25519, 0, 1, 1, 1}, 601 #endif 602 }; 603 604 static EVP_PKEY *load_example_key(const char *keytype, 605 const unsigned char *data, size_t data_len) 606 { 607 const unsigned char **pdata = &data; 608 EVP_PKEY *pkey = NULL; 609 OSSL_DECODER_CTX *dctx = 610 OSSL_DECODER_CTX_new_for_pkey(&pkey, "DER", NULL, keytype, 0, 611 testctx, testpropq); 612 613 /* |pkey| will be NULL on error */ 614 (void)OSSL_DECODER_from_data(dctx, pdata, &data_len); 615 OSSL_DECODER_CTX_free(dctx); 616 return pkey; 617 } 618 619 static EVP_PKEY *load_example_rsa_key(void) 620 { 621 return load_example_key("RSA", kExampleRSAKeyDER, 622 sizeof(kExampleRSAKeyDER)); 623 } 624 625 #ifndef OPENSSL_NO_DSA 626 static EVP_PKEY *load_example_dsa_key(void) 627 { 628 return load_example_key("DSA", kExampleDSAKeyDER, 629 sizeof(kExampleDSAKeyDER)); 630 } 631 #endif 632 633 #ifndef OPENSSL_NO_EC 634 static EVP_PKEY *load_example_ec_key(void) 635 { 636 return load_example_key("EC", kExampleECKeyDER, 637 sizeof(kExampleECKeyDER)); 638 } 639 #endif 640 641 #ifndef OPENSSL_NO_DEPRECATED_3_0 642 # ifndef OPENSSL_NO_DH 643 static EVP_PKEY *load_example_dh_key(void) 644 { 645 return load_example_key("DH", kExampleDHKeyDER, 646 sizeof(kExampleDHKeyDER)); 647 } 648 # endif 649 650 # ifndef OPENSSL_NO_EC 651 static EVP_PKEY *load_example_ed25519_key(void) 652 { 653 return load_example_key("ED25519", kExampleED25519KeyDER, 654 sizeof(kExampleED25519KeyDER)); 655 } 656 657 static EVP_PKEY *load_example_x25519_key(void) 658 { 659 return load_example_key("X25519", kExampleX25519KeyDER, 660 sizeof(kExampleX25519KeyDER)); 661 } 662 # endif 663 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 664 665 static EVP_PKEY *load_example_hmac_key(void) 666 { 667 EVP_PKEY *pkey = NULL; 668 unsigned char key[] = { 669 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 670 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 671 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 672 }; 673 674 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, "HMAC", 675 NULL, key, sizeof(key)); 676 if (!TEST_ptr(pkey)) 677 return NULL; 678 679 return pkey; 680 } 681 682 static int test_EVP_set_default_properties(void) 683 { 684 OSSL_LIB_CTX *ctx; 685 EVP_MD *md = NULL; 686 int res = 0; 687 688 if (!TEST_ptr(ctx = OSSL_LIB_CTX_new()) 689 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 690 goto err; 691 EVP_MD_free(md); 692 md = NULL; 693 694 if (!TEST_true(EVP_set_default_properties(ctx, "provider=fizzbang")) 695 || !TEST_ptr_null(md = EVP_MD_fetch(ctx, "sha256", NULL)) 696 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", "-provider"))) 697 goto err; 698 EVP_MD_free(md); 699 md = NULL; 700 701 if (!TEST_true(EVP_set_default_properties(ctx, NULL)) 702 || !TEST_ptr(md = EVP_MD_fetch(ctx, "sha256", NULL))) 703 goto err; 704 res = 1; 705 err: 706 EVP_MD_free(md); 707 OSSL_LIB_CTX_free(ctx); 708 return res; 709 } 710 711 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC) 712 static EVP_PKEY *make_key_fromdata(char *keytype, OSSL_PARAM *params) 713 { 714 EVP_PKEY_CTX *pctx = NULL; 715 EVP_PKEY *tmp_pkey = NULL, *pkey = NULL; 716 717 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, keytype, testpropq))) 718 goto err; 719 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 720 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &tmp_pkey, EVP_PKEY_KEYPAIR, 721 params), 0)) 722 goto err; 723 724 if (!TEST_ptr(tmp_pkey)) 725 goto err; 726 727 pkey = tmp_pkey; 728 tmp_pkey = NULL; 729 err: 730 EVP_PKEY_free(tmp_pkey); 731 EVP_PKEY_CTX_free(pctx); 732 return pkey; 733 } 734 735 static int test_selection(EVP_PKEY *pkey, int selection) 736 { 737 int testresult = 0; 738 int ret; 739 BIO *bio = BIO_new(BIO_s_mem()); 740 741 ret = PEM_write_bio_PUBKEY(bio, pkey); 742 if ((selection & OSSL_KEYMGMT_SELECT_PUBLIC_KEY) != 0) { 743 if (!TEST_true(ret)) 744 goto err; 745 } else { 746 if (!TEST_false(ret)) 747 goto err; 748 } 749 ret = PEM_write_bio_PrivateKey_ex(bio, pkey, NULL, NULL, 0, NULL, NULL, 750 testctx, NULL); 751 if ((selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0) { 752 if (!TEST_true(ret)) 753 goto err; 754 } else { 755 if (!TEST_false(ret)) 756 goto err; 757 } 758 759 testresult = 1; 760 err: 761 BIO_free(bio); 762 763 return testresult; 764 } 765 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */ 766 767 /* 768 * Test combinations of private, public, missing and private + public key 769 * params to ensure they are all accepted 770 */ 771 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) 772 static int test_EVP_PKEY_ffc_priv_pub(char *keytype) 773 { 774 OSSL_PARAM_BLD *bld = NULL; 775 OSSL_PARAM *params = NULL; 776 EVP_PKEY *just_params = NULL; 777 EVP_PKEY *params_and_priv = NULL; 778 EVP_PKEY *params_and_pub = NULL; 779 EVP_PKEY *params_and_keypair = NULL; 780 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 781 int ret = 0; 782 783 /* 784 * Setup the parameters for our pkey object. For our purposes they don't 785 * have to actually be *valid* parameters. We just need to set something. 786 */ 787 if (!TEST_ptr(p = BN_new()) 788 || !TEST_ptr(q = BN_new()) 789 || !TEST_ptr(g = BN_new()) 790 || !TEST_ptr(pub = BN_new()) 791 || !TEST_ptr(priv = BN_new())) 792 goto err; 793 794 /* Test !priv and !pub */ 795 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g))) 799 goto err; 800 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 801 || !TEST_ptr(just_params = make_key_fromdata(keytype, params))) 802 goto err; 803 804 OSSL_PARAM_free(params); 805 OSSL_PARAM_BLD_free(bld); 806 params = NULL; 807 bld = NULL; 808 809 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 810 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 811 goto err; 812 813 /* Test priv and !pub */ 814 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 815 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 816 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 819 priv))) 820 goto err; 821 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 822 || !TEST_ptr(params_and_priv = make_key_fromdata(keytype, params))) 823 goto err; 824 825 OSSL_PARAM_free(params); 826 OSSL_PARAM_BLD_free(bld); 827 params = NULL; 828 bld = NULL; 829 830 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PRIVATE_KEY) 831 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 832 goto err; 833 834 /* Test !priv and pub */ 835 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 836 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 837 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 840 pub))) 841 goto err; 842 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 843 || !TEST_ptr(params_and_pub = make_key_fromdata(keytype, params))) 844 goto err; 845 846 OSSL_PARAM_free(params); 847 OSSL_PARAM_BLD_free(bld); 848 params = NULL; 849 bld = NULL; 850 851 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 852 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 853 goto err; 854 855 /* Test priv and pub */ 856 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 857 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 858 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 859 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 860 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 861 pub)) 862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 863 priv))) 864 goto err; 865 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 866 || !TEST_ptr(params_and_keypair = make_key_fromdata(keytype, params))) 867 goto err; 868 869 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 870 goto err; 871 872 ret = 1; 873 err: 874 OSSL_PARAM_free(params); 875 OSSL_PARAM_BLD_free(bld); 876 EVP_PKEY_free(just_params); 877 EVP_PKEY_free(params_and_priv); 878 EVP_PKEY_free(params_and_pub); 879 EVP_PKEY_free(params_and_keypair); 880 BN_free(p); 881 BN_free(q); 882 BN_free(g); 883 BN_free(pub); 884 BN_free(priv); 885 886 return ret; 887 } 888 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */ 889 890 /* 891 * Test combinations of private, public, missing and private + public key 892 * params to ensure they are all accepted for EC keys 893 */ 894 #ifndef OPENSSL_NO_EC 895 static unsigned char ec_priv[] = { 896 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23, 897 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5, 898 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16 899 }; 900 static unsigned char ec_pub[] = { 901 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97, 902 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81, 903 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d, 904 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e, 905 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1, 906 0x08, 0x09, 0xb8, 0xdb, 0x03 907 }; 908 909 static int test_EC_priv_pub(void) 910 { 911 OSSL_PARAM_BLD *bld = NULL; 912 OSSL_PARAM *params = NULL; 913 EVP_PKEY *just_params = NULL; 914 EVP_PKEY *params_and_priv = NULL; 915 EVP_PKEY *params_and_pub = NULL; 916 EVP_PKEY *params_and_keypair = NULL; 917 BIGNUM *priv = NULL; 918 int ret = 0; 919 unsigned char *encoded = NULL; 920 size_t len = 0; 921 unsigned char buffer[128]; 922 923 /* 924 * Setup the parameters for our pkey object. For our purposes they don't 925 * have to actually be *valid* parameters. We just need to set something. 926 */ 927 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 928 goto err; 929 930 /* Test !priv and !pub */ 931 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 932 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 933 OSSL_PKEY_PARAM_GROUP_NAME, 934 "P-256", 0))) 935 goto err; 936 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 937 || !TEST_ptr(just_params = make_key_fromdata("EC", params))) 938 goto err; 939 940 OSSL_PARAM_free(params); 941 OSSL_PARAM_BLD_free(bld); 942 params = NULL; 943 bld = NULL; 944 945 if (!test_selection(just_params, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 946 || test_selection(just_params, OSSL_KEYMGMT_SELECT_KEYPAIR)) 947 goto err; 948 949 /* Test priv and !pub */ 950 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 951 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 952 OSSL_PKEY_PARAM_GROUP_NAME, 953 "P-256", 0)) 954 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 955 priv))) 956 goto err; 957 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 958 || !TEST_ptr(params_and_priv = make_key_fromdata("EC", params))) 959 goto err; 960 961 OSSL_PARAM_free(params); 962 OSSL_PARAM_BLD_free(bld); 963 params = NULL; 964 bld = NULL; 965 966 /* 967 * We indicate only parameters here, in spite of having built a key that 968 * has a private part, because the PEM_write_bio_PrivateKey_ex call is 969 * expected to fail because it does not support exporting a private EC 970 * key without a corresponding public key 971 */ 972 if (!test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) 973 || test_selection(params_and_priv, OSSL_KEYMGMT_SELECT_PUBLIC_KEY)) 974 goto err; 975 976 /* Test !priv and pub */ 977 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 978 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 979 OSSL_PKEY_PARAM_GROUP_NAME, 980 "P-256", 0)) 981 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 982 OSSL_PKEY_PARAM_PUB_KEY, 983 ec_pub, sizeof(ec_pub)))) 984 goto err; 985 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 986 || !TEST_ptr(params_and_pub = make_key_fromdata("EC", params))) 987 goto err; 988 989 OSSL_PARAM_free(params); 990 OSSL_PARAM_BLD_free(bld); 991 params = NULL; 992 bld = NULL; 993 994 if (!test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PUBLIC_KEY) 995 || test_selection(params_and_pub, OSSL_KEYMGMT_SELECT_PRIVATE_KEY)) 996 goto err; 997 998 /* Test priv and pub */ 999 if (!TEST_ptr(bld = OSSL_PARAM_BLD_new()) 1000 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld, 1001 OSSL_PKEY_PARAM_GROUP_NAME, 1002 "P-256", 0)) 1003 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld, 1004 OSSL_PKEY_PARAM_PUB_KEY, 1005 ec_pub, sizeof(ec_pub))) 1006 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 1007 priv))) 1008 goto err; 1009 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld)) 1010 || !TEST_ptr(params_and_keypair = make_key_fromdata("EC", params))) 1011 goto err; 1012 1013 if (!test_selection(params_and_keypair, EVP_PKEY_KEYPAIR)) 1014 goto err; 1015 1016 /* Try key equality */ 1017 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params, just_params), 0) 1018 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_pub), 1019 0) 1020 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_priv), 1021 0) 1022 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params, params_and_keypair), 1023 0) 1024 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub, params_and_pub), 0) 1025 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv, params_and_priv), 0) 1026 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_pub), 0) 1027 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair, params_and_priv), 0)) 1028 goto err; 1029 1030 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */ 1031 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub, &encoded), 0)) 1032 goto err; 1033 OPENSSL_free(encoded); 1034 encoded = NULL; 1035 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params, &encoded), 0)) { 1036 OPENSSL_free(encoded); 1037 encoded = NULL; 1038 goto err; 1039 } 1040 1041 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */ 1042 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1043 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1044 buffer, sizeof(buffer), &len), 1) 1045 || !TEST_int_eq(len, 65)) 1046 goto err; 1047 1048 len = 0; 1049 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1050 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1051 NULL, 0, &len), 1) 1052 || !TEST_int_eq(len, 65)) 1053 goto err; 1054 1055 /* too-short buffer len*/ 1056 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub, 1057 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY, 1058 buffer, 10, &len), 0)) 1059 goto err; 1060 1061 ret = 1; 1062 err: 1063 OSSL_PARAM_free(params); 1064 OSSL_PARAM_BLD_free(bld); 1065 EVP_PKEY_free(just_params); 1066 EVP_PKEY_free(params_and_priv); 1067 EVP_PKEY_free(params_and_pub); 1068 EVP_PKEY_free(params_and_keypair); 1069 BN_free(priv); 1070 1071 return ret; 1072 } 1073 1074 /* Test that using a legacy EC key with only a private key in it works */ 1075 # ifndef OPENSSL_NO_DEPRECATED_3_0 1076 static int test_EC_priv_only_legacy(void) 1077 { 1078 BIGNUM *priv = NULL; 1079 int ret = 0; 1080 EC_KEY *eckey = NULL; 1081 EVP_PKEY *pkey = NULL, *dup_pk = NULL; 1082 EVP_MD_CTX *ctx = NULL; 1083 1084 /* Create the low level EC_KEY */ 1085 if (!TEST_ptr(priv = BN_bin2bn(ec_priv, sizeof(ec_priv), NULL))) 1086 goto err; 1087 1088 eckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); 1089 if (!TEST_ptr(eckey)) 1090 goto err; 1091 1092 if (!TEST_true(EC_KEY_set_private_key(eckey, priv))) 1093 goto err; 1094 1095 pkey = EVP_PKEY_new(); 1096 if (!TEST_ptr(pkey)) 1097 goto err; 1098 1099 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) 1100 goto err; 1101 eckey = NULL; 1102 1103 for (;;) { 1104 ret = 0; 1105 ctx = EVP_MD_CTX_new(); 1106 if (!TEST_ptr(ctx)) 1107 goto err; 1108 1109 /* 1110 * The EVP_DigestSignInit function should create the key on the 1111 * provider side which is sufficient for this test. 1112 */ 1113 if (!TEST_true(EVP_DigestSignInit_ex(ctx, NULL, NULL, testctx, 1114 testpropq, pkey, NULL))) 1115 goto err; 1116 EVP_MD_CTX_free(ctx); 1117 ctx = NULL; 1118 1119 if (dup_pk != NULL) 1120 break; 1121 1122 if (!TEST_ptr(dup_pk = EVP_PKEY_dup(pkey))) 1123 goto err; 1124 /* EVP_PKEY_eq() returns -2 with missing public keys */ 1125 ret = TEST_int_eq(EVP_PKEY_eq(pkey, dup_pk), -2); 1126 EVP_PKEY_free(pkey); 1127 pkey = dup_pk; 1128 if (!ret) 1129 goto err; 1130 } 1131 ret = 1; 1132 1133 err: 1134 EVP_MD_CTX_free(ctx); 1135 EVP_PKEY_free(pkey); 1136 EC_KEY_free(eckey); 1137 BN_free(priv); 1138 1139 return ret; 1140 } 1141 # endif /* OPENSSL_NO_DEPRECATED_3_0 */ 1142 #endif /* OPENSSL_NO_EC */ 1143 1144 static int test_EVP_PKEY_sign(int tst) 1145 { 1146 int ret = 0; 1147 EVP_PKEY *pkey = NULL; 1148 unsigned char *sig = NULL; 1149 size_t sig_len = 0, shortsig_len = 1; 1150 EVP_PKEY_CTX *ctx = NULL; 1151 unsigned char tbs[] = { 1152 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1153 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1154 }; 1155 1156 if (tst == 0 ) { 1157 if (!TEST_ptr(pkey = load_example_rsa_key())) 1158 goto out; 1159 } else if (tst == 1) { 1160 #ifndef OPENSSL_NO_DSA 1161 if (!TEST_ptr(pkey = load_example_dsa_key())) 1162 goto out; 1163 #else 1164 ret = 1; 1165 goto out; 1166 #endif 1167 } else { 1168 #ifndef OPENSSL_NO_EC 1169 if (!TEST_ptr(pkey = load_example_ec_key())) 1170 goto out; 1171 #else 1172 ret = 1; 1173 goto out; 1174 #endif 1175 } 1176 1177 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1178 if (!TEST_ptr(ctx) 1179 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1180 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1181 sizeof(tbs)), 0)) 1182 goto out; 1183 sig = OPENSSL_malloc(sig_len); 1184 if (!TEST_ptr(sig) 1185 /* Test sending a signature buffer that is too short is rejected */ 1186 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1187 sizeof(tbs)), 0) 1188 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1189 0) 1190 /* Test the signature round-trips */ 1191 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1192 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1193 0)) 1194 goto out; 1195 1196 ret = 1; 1197 out: 1198 EVP_PKEY_CTX_free(ctx); 1199 OPENSSL_free(sig); 1200 EVP_PKEY_free(pkey); 1201 return ret; 1202 } 1203 1204 #ifndef OPENSSL_NO_DEPRECATED_3_0 1205 static int test_EVP_PKEY_sign_with_app_method(int tst) 1206 { 1207 int ret = 0; 1208 EVP_PKEY *pkey = NULL; 1209 RSA *rsa = NULL; 1210 RSA_METHOD *rsa_meth = NULL; 1211 #ifndef OPENSSL_NO_DSA 1212 DSA *dsa = NULL; 1213 DSA_METHOD *dsa_meth = NULL; 1214 #endif 1215 unsigned char *sig = NULL; 1216 size_t sig_len = 0, shortsig_len = 1; 1217 EVP_PKEY_CTX *ctx = NULL; 1218 unsigned char tbs[] = { 1219 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 1220 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13 1221 }; 1222 1223 if (tst == 0) { 1224 if (!TEST_ptr(pkey = load_example_rsa_key())) 1225 goto out; 1226 if (!TEST_ptr(rsa_meth = RSA_meth_dup(RSA_get_default_method()))) 1227 goto out; 1228 1229 if (!TEST_ptr(rsa = EVP_PKEY_get1_RSA(pkey)) 1230 || !TEST_int_gt(RSA_set_method(rsa, rsa_meth), 0) 1231 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey, rsa), 0)) 1232 goto out; 1233 rsa = NULL; /* now owned by the pkey */ 1234 } else { 1235 #ifndef OPENSSL_NO_DSA 1236 if (!TEST_ptr(pkey = load_example_dsa_key())) 1237 goto out; 1238 if (!TEST_ptr(dsa_meth = DSA_meth_dup(DSA_get_default_method()))) 1239 goto out; 1240 1241 if (!TEST_ptr(dsa = EVP_PKEY_get1_DSA(pkey)) 1242 || !TEST_int_gt(DSA_set_method(dsa, dsa_meth), 0) 1243 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey, dsa), 0)) 1244 goto out; 1245 dsa = NULL; /* now owned by the pkey */ 1246 #else 1247 ret = 1; 1248 goto out; 1249 #endif 1250 } 1251 1252 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL); 1253 if (!TEST_ptr(ctx) 1254 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0) 1255 || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs, 1256 sizeof(tbs)), 0)) 1257 goto out; 1258 sig = OPENSSL_malloc(sig_len); 1259 if (!TEST_ptr(sig) 1260 /* Test sending a signature buffer that is too short is rejected */ 1261 || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs, 1262 sizeof(tbs)), 0) 1263 || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)), 1264 0) 1265 /* Test the signature round-trips */ 1266 || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0) 1267 || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)), 1268 0)) 1269 goto out; 1270 1271 ret = 1; 1272 out: 1273 EVP_PKEY_CTX_free(ctx); 1274 OPENSSL_free(sig); 1275 EVP_PKEY_free(pkey); 1276 RSA_free(rsa); 1277 RSA_meth_free(rsa_meth); 1278 #ifndef OPENSSL_NO_DSA 1279 DSA_free(dsa); 1280 DSA_meth_free(dsa_meth); 1281 #endif 1282 return ret; 1283 } 1284 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 1285 1286 /* 1287 * n = 0 => test using legacy cipher 1288 * n = 1 => test using fetched cipher 1289 */ 1290 static int test_EVP_Enveloped(int n) 1291 { 1292 int ret = 0; 1293 EVP_CIPHER_CTX *ctx = NULL; 1294 EVP_PKEY *keypair = NULL; 1295 unsigned char *kek = NULL; 1296 unsigned char iv[EVP_MAX_IV_LENGTH]; 1297 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; 1298 int len, kek_len, ciphertext_len, plaintext_len; 1299 unsigned char ciphertext[32], plaintext[16]; 1300 EVP_CIPHER *type = NULL; 1301 1302 if (nullprov != NULL) 1303 return TEST_skip("Test does not support a non-default library context"); 1304 1305 if (n == 0) 1306 type = (EVP_CIPHER *)EVP_aes_256_cbc(); 1307 else if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "AES-256-CBC", 1308 testpropq))) 1309 goto err; 1310 1311 if (!TEST_ptr(keypair = load_example_rsa_key()) 1312 || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_get_size(keypair))) 1313 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 1314 || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, 1315 &keypair, 1)) 1316 || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, 1317 msg, sizeof(msg))) 1318 || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, 1319 &len))) 1320 goto err; 1321 1322 ciphertext_len += len; 1323 1324 if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) 1325 || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, 1326 ciphertext, ciphertext_len)) 1327 || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) 1328 goto err; 1329 1330 plaintext_len += len; 1331 if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) 1332 goto err; 1333 1334 ret = 1; 1335 err: 1336 if (n != 0) 1337 EVP_CIPHER_free(type); 1338 OPENSSL_free(kek); 1339 EVP_PKEY_free(keypair); 1340 EVP_CIPHER_CTX_free(ctx); 1341 return ret; 1342 } 1343 1344 /* 1345 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA) 1346 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA) 1347 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC) 1348 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA) 1349 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA) 1350 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC) 1351 * Test 6: Use an MD BIO to do the Update calls instead (RSA) 1352 * Test 7: Use an MD BIO to do the Update calls instead (DSA) 1353 * Test 8: Use an MD BIO to do the Update calls instead (HMAC) 1354 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig) 1355 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig) 1356 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig) 1357 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA) 1358 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA) 1359 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC) 1360 * Test 15-29: Same as above with reinitialization 1361 */ 1362 static int test_EVP_DigestSignInit(int tst) 1363 { 1364 int ret = 0; 1365 EVP_PKEY *pkey = NULL; 1366 unsigned char *sig = NULL, *sig2 = NULL; 1367 size_t sig_len = 0, sig2_len = 0, shortsig_len = 1; 1368 EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; 1369 EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; 1370 BIO *mdbio = NULL, *membio = NULL; 1371 size_t written; 1372 const EVP_MD *md; 1373 EVP_MD *mdexp = NULL; 1374 int reinit = 0; 1375 1376 if (nullprov != NULL) 1377 return TEST_skip("Test does not support a non-default library context"); 1378 1379 if (tst >= 15) { 1380 reinit = 1; 1381 tst -= 15; 1382 } 1383 1384 if (tst >= 6 && tst <= 8) { 1385 membio = BIO_new(BIO_s_mem()); 1386 mdbio = BIO_new(BIO_f_md()); 1387 if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) 1388 goto out; 1389 BIO_push(mdbio, membio); 1390 if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) 1391 goto out; 1392 } else { 1393 if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) 1394 || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) 1395 goto out; 1396 } 1397 1398 if (tst % 3 == 0) { 1399 if (!TEST_ptr(pkey = load_example_rsa_key())) 1400 goto out; 1401 } else if (tst % 3 == 1) { 1402 #ifndef OPENSSL_NO_DSA 1403 if (!TEST_ptr(pkey = load_example_dsa_key())) 1404 goto out; 1405 #else 1406 ret = 1; 1407 goto out; 1408 #endif 1409 } else { 1410 if (!TEST_ptr(pkey = load_example_hmac_key())) 1411 goto out; 1412 } 1413 1414 if (tst >= 3 && tst <= 5) 1415 md = mdexp = EVP_MD_fetch(NULL, "SHA256", NULL); 1416 else 1417 md = EVP_sha256(); 1418 1419 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey))) 1420 goto out; 1421 1422 if (reinit && !TEST_true(EVP_DigestSignInit(md_ctx, NULL, NULL, NULL, NULL))) 1423 goto out; 1424 1425 if (tst >= 6 && tst <= 8) { 1426 if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) 1427 goto out; 1428 } else if (tst < 6) { 1429 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 1430 goto out; 1431 } 1432 1433 if (tst >= 9) { 1434 /* Determine the size of the signature. */ 1435 if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg, 1436 sizeof(kMsg))) 1437 || !TEST_ptr(sig = OPENSSL_malloc(sig_len))) 1438 goto out; 1439 if (tst <= 11) { 1440 /* Test that supply a short sig buffer fails */ 1441 if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg, 1442 sizeof(kMsg)))) 1443 goto out; 1444 /* 1445 * We end here because once EVP_DigestSign() has failed you should 1446 * not call it again without re-initing the ctx 1447 */ 1448 ret = 1; 1449 goto out; 1450 } 1451 if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg, 1452 sizeof(kMsg)))) 1453 goto out; 1454 } else { 1455 /* Determine the size of the signature. */ 1456 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) 1457 || !TEST_ptr(sig = OPENSSL_malloc(sig_len)) 1458 /* 1459 * Trying to create a signature with a deliberately short 1460 * buffer should fail. 1461 */ 1462 || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len)) 1463 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 1464 goto out; 1465 } 1466 1467 /* 1468 * Ensure that the signature round-trips (Verification isn't supported for 1469 * HMAC via EVP_DigestVerify*) 1470 */ 1471 if (tst % 3 != 2) { 1472 if (tst >= 6 && tst <= 8) { 1473 if (!TEST_int_gt(BIO_reset(mdbio), 0) 1474 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) 1475 goto out; 1476 } 1477 1478 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, md, 1479 NULL, pkey))) 1480 goto out; 1481 1482 if (tst >= 6 && tst <= 8) { 1483 if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))) 1484 goto out; 1485 } else { 1486 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, 1487 sizeof(kMsg)))) 1488 goto out; 1489 } 1490 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1491 goto out; 1492 1493 /* Multiple calls to EVP_DigestVerifyFinal should work */ 1494 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 1495 goto out; 1496 } else { 1497 /* 1498 * For HMAC a doubled call to DigestSignFinal should produce the same 1499 * value as finalization should not happen. 1500 */ 1501 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig2_len)) 1502 || !TEST_ptr(sig2 = OPENSSL_malloc(sig2_len)) 1503 || !TEST_true(EVP_DigestSignFinal(md_ctx, sig2, &sig2_len))) 1504 goto out; 1505 1506 if (!TEST_mem_eq(sig, sig_len, sig2, sig2_len)) 1507 goto out; 1508 } 1509 1510 ret = 1; 1511 1512 out: 1513 BIO_free(membio); 1514 BIO_free(mdbio); 1515 EVP_MD_CTX_free(a_md_ctx); 1516 EVP_MD_CTX_free(a_md_ctx_verify); 1517 EVP_PKEY_free(pkey); 1518 OPENSSL_free(sig); 1519 OPENSSL_free(sig2); 1520 EVP_MD_free(mdexp); 1521 1522 return ret; 1523 } 1524 1525 static int test_EVP_DigestVerifyInit(void) 1526 { 1527 int ret = 0; 1528 EVP_PKEY *pkey = NULL; 1529 EVP_MD_CTX *md_ctx = NULL; 1530 1531 if (nullprov != NULL) 1532 return TEST_skip("Test does not support a non-default library context"); 1533 1534 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) 1535 || !TEST_ptr(pkey = load_example_rsa_key())) 1536 goto out; 1537 1538 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) 1539 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 1540 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 1541 sizeof(kSignature)), 0)) 1542 goto out; 1543 1544 /* test with reinitialization */ 1545 if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, NULL, NULL, NULL)) 1546 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) 1547 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx, kSignature, 1548 sizeof(kSignature)), 0)) 1549 goto out; 1550 ret = 1; 1551 1552 out: 1553 EVP_MD_CTX_free(md_ctx); 1554 EVP_PKEY_free(pkey); 1555 return ret; 1556 } 1557 1558 #ifndef OPENSSL_NO_SIPHASH 1559 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */ 1560 static int test_siphash_digestsign(void) 1561 { 1562 unsigned char key[16]; 1563 unsigned char buf[8], digest[8]; 1564 unsigned char expected[8] = { 1565 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2 1566 }; 1567 EVP_PKEY *pkey = NULL; 1568 EVP_MD_CTX *mdctx = NULL; 1569 EVP_PKEY_CTX *ctx = NULL; 1570 int ret = 0; 1571 size_t len = 8; 1572 1573 if (nullprov != NULL) 1574 return TEST_skip("Test does not support a non-default library context"); 1575 1576 memset(buf, 0, 8); 1577 memset(key, 1, 16); 1578 if (!TEST_ptr(pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH, NULL, 1579 key, 16))) 1580 goto out; 1581 1582 if (!TEST_ptr(mdctx = EVP_MD_CTX_create())) 1583 goto out; 1584 1585 if (!TEST_true(EVP_DigestSignInit(mdctx, &ctx, NULL, NULL, pkey))) 1586 goto out; 1587 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx, -1, EVP_PKEY_OP_SIGNCTX, 1588 EVP_PKEY_CTRL_SET_DIGEST_SIZE, 1589 8, NULL), 1)) 1590 goto out; 1591 /* reinitialize */ 1592 if (!TEST_true(EVP_DigestSignInit(mdctx, NULL, NULL, NULL, NULL))) 1593 goto out; 1594 if (!TEST_true(EVP_DigestSignUpdate(mdctx, buf, 8))) 1595 goto out; 1596 if (!TEST_true(EVP_DigestSignFinal(mdctx, digest, &len))) 1597 goto out; 1598 if (!TEST_mem_eq(digest, len, expected, sizeof(expected))) 1599 goto out; 1600 1601 ret = 1; 1602 out: 1603 EVP_PKEY_free(pkey); 1604 EVP_MD_CTX_free(mdctx); 1605 return ret; 1606 } 1607 #endif 1608 1609 /* 1610 * Test corner cases of EVP_DigestInit/Update/Final API call behavior. 1611 */ 1612 static int test_EVP_Digest(void) 1613 { 1614 int ret = 0; 1615 EVP_MD_CTX *md_ctx = NULL; 1616 unsigned char md[EVP_MAX_MD_SIZE]; 1617 EVP_MD *sha256 = NULL; 1618 EVP_MD *shake256 = NULL; 1619 1620 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 1621 goto out; 1622 1623 if (!TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", testpropq)) 1624 || !TEST_ptr(shake256 = EVP_MD_fetch(testctx, "shake256", testpropq))) 1625 goto out; 1626 1627 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 1628 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1629 || !TEST_true(EVP_DigestFinal(md_ctx, md, NULL)) 1630 /* EVP_DigestFinal resets the EVP_MD_CTX. */ 1631 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx), NULL)) 1632 goto out; 1633 1634 if (!TEST_true(EVP_DigestInit_ex(md_ctx, sha256, NULL)) 1635 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1636 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md, NULL)) 1637 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */ 1638 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 1639 /* 1640 * EVP_DigestInit_ex with NULL type should work on 1641 * pre-initialized context. 1642 */ 1643 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 1644 goto out; 1645 1646 if (!TEST_true(EVP_DigestInit_ex(md_ctx, shake256, NULL)) 1647 || !TEST_true(EVP_DigestUpdate(md_ctx, kMsg, sizeof(kMsg))) 1648 || !TEST_true(EVP_DigestFinalXOF(md_ctx, md, sizeof(md))) 1649 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */ 1650 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx)) 1651 || !TEST_true(EVP_DigestInit_ex(md_ctx, NULL, NULL))) 1652 goto out; 1653 ret = 1; 1654 1655 out: 1656 EVP_MD_CTX_free(md_ctx); 1657 EVP_MD_free(sha256); 1658 EVP_MD_free(shake256); 1659 return ret; 1660 } 1661 1662 static int test_EVP_md_null(void) 1663 { 1664 int ret = 0; 1665 EVP_MD_CTX *md_ctx = NULL; 1666 const EVP_MD *md_null = EVP_md_null(); 1667 unsigned char md_value[EVP_MAX_MD_SIZE]; 1668 unsigned int md_len = sizeof(md_value); 1669 1670 if (nullprov != NULL) 1671 return TEST_skip("Test does not support a non-default library context"); 1672 1673 if (!TEST_ptr(md_null) 1674 || !TEST_ptr(md_ctx = EVP_MD_CTX_new())) 1675 goto out; 1676 1677 if (!TEST_true(EVP_DigestInit_ex(md_ctx, md_null, NULL)) 1678 || !TEST_true(EVP_DigestUpdate(md_ctx, "test", 4)) 1679 || !TEST_true(EVP_DigestFinal_ex(md_ctx, md_value, &md_len))) 1680 goto out; 1681 1682 if (!TEST_uint_eq(md_len, 0)) 1683 goto out; 1684 1685 ret = 1; 1686 out: 1687 EVP_MD_CTX_free(md_ctx); 1688 return ret; 1689 } 1690 1691 static int test_d2i_AutoPrivateKey(int i) 1692 { 1693 int ret = 0; 1694 const unsigned char *p; 1695 EVP_PKEY *pkey = NULL; 1696 const APK_DATA *ak = &keydata[i]; 1697 const unsigned char *input = ak->kder; 1698 size_t input_len = ak->size; 1699 int expected_id = ak->evptype; 1700 1701 p = input; 1702 if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) 1703 || !TEST_ptr_eq(p, input + input_len) 1704 || !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 1705 goto done; 1706 1707 ret = 1; 1708 1709 done: 1710 EVP_PKEY_free(pkey); 1711 return ret; 1712 } 1713 1714 #ifndef OPENSSL_NO_EC 1715 1716 static const unsigned char ec_public_sect163k1_validxy[] = { 1717 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1718 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1719 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1720 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, 1721 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1722 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 1723 }; 1724 1725 static const unsigned char ec_public_sect163k1_badx[] = { 1726 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1727 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1728 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1729 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, 1730 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1731 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f 1732 }; 1733 1734 static const unsigned char ec_public_sect163k1_bady[] = { 1735 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 1736 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, 1737 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, 1738 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, 1739 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, 1740 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 1741 }; 1742 1743 static struct ec_der_pub_keys_st { 1744 const unsigned char *der; 1745 size_t len; 1746 int valid; 1747 } ec_der_pub_keys[] = { 1748 { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, 1749 { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, 1750 { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, 1751 }; 1752 1753 /* 1754 * Tests the range of the decoded EC char2 public point. 1755 * See ec_GF2m_simple_oct2point(). 1756 */ 1757 static int test_invalide_ec_char2_pub_range_decode(int id) 1758 { 1759 int ret = 0; 1760 EVP_PKEY *pkey; 1761 1762 pkey = load_example_key("EC", ec_der_pub_keys[id].der, 1763 ec_der_pub_keys[id].len); 1764 1765 ret = (ec_der_pub_keys[id].valid && TEST_ptr(pkey)) 1766 || TEST_ptr_null(pkey); 1767 EVP_PKEY_free(pkey); 1768 return ret; 1769 } 1770 1771 /* Tests loading a bad key in PKCS8 format */ 1772 static int test_EVP_PKCS82PKEY(void) 1773 { 1774 int ret = 0; 1775 const unsigned char *derp = kExampleBadECKeyDER; 1776 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 1777 EVP_PKEY *pkey = NULL; 1778 1779 if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, 1780 sizeof(kExampleBadECKeyDER)))) 1781 goto done; 1782 1783 if (!TEST_ptr_eq(derp, 1784 kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) 1785 goto done; 1786 1787 if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) 1788 goto done; 1789 1790 ret = 1; 1791 1792 done: 1793 PKCS8_PRIV_KEY_INFO_free(p8inf); 1794 EVP_PKEY_free(pkey); 1795 1796 return ret; 1797 } 1798 1799 #endif 1800 static int test_EVP_PKCS82PKEY_wrong_tag(void) 1801 { 1802 EVP_PKEY *pkey = NULL; 1803 EVP_PKEY *pkey2 = NULL; 1804 BIO *membio = NULL; 1805 char *membuf = NULL; 1806 PKCS8_PRIV_KEY_INFO *p8inf = NULL; 1807 int ok = 0; 1808 1809 if (testctx != NULL) 1810 /* test not supported with non-default context */ 1811 return 1; 1812 1813 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 1814 || !TEST_ptr(pkey = load_example_rsa_key()) 1815 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 1816 NULL, 0, NULL, NULL), 1817 0) 1818 || !TEST_int_gt(BIO_get_mem_data(membio, &membuf), 0) 1819 || !TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO_bio(membio, NULL)) 1820 || !TEST_ptr(pkey2 = EVP_PKCS82PKEY(p8inf)) 1821 || !TEST_int_eq(ERR_peek_last_error(), 0)) { 1822 goto done; 1823 } 1824 1825 ok = 1; 1826 done: 1827 EVP_PKEY_free(pkey); 1828 EVP_PKEY_free(pkey2); 1829 PKCS8_PRIV_KEY_INFO_free(p8inf); 1830 BIO_free_all(membio); 1831 return ok; 1832 } 1833 1834 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */ 1835 static int test_privatekey_to_pkcs8(void) 1836 { 1837 EVP_PKEY *pkey = NULL; 1838 BIO *membio = NULL; 1839 char *membuf = NULL; 1840 long membuf_len = 0; 1841 int ok = 0; 1842 1843 if (!TEST_ptr(membio = BIO_new(BIO_s_mem())) 1844 || !TEST_ptr(pkey = load_example_rsa_key()) 1845 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio, pkey, NULL, 1846 NULL, 0, NULL, NULL), 1847 0) 1848 || !TEST_int_gt(membuf_len = BIO_get_mem_data(membio, &membuf), 0) 1849 || !TEST_ptr(membuf) 1850 || !TEST_mem_eq(membuf, (size_t)membuf_len, 1851 kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8)) 1852 /* 1853 * We try to write PEM as well, just to see that it doesn't err, but 1854 * assume that the result is correct. 1855 */ 1856 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio, pkey, NULL, 1857 NULL, 0, NULL, NULL), 1858 0)) 1859 goto done; 1860 1861 ok = 1; 1862 done: 1863 EVP_PKEY_free(pkey); 1864 BIO_free_all(membio); 1865 return ok; 1866 } 1867 1868 #ifndef OPENSSL_NO_EC 1869 static const struct { 1870 int encoding; 1871 const char *encoding_name; 1872 } ec_encodings[] = { 1873 { OPENSSL_EC_EXPLICIT_CURVE, OSSL_PKEY_EC_ENCODING_EXPLICIT }, 1874 { OPENSSL_EC_NAMED_CURVE, OSSL_PKEY_EC_ENCODING_GROUP } 1875 }; 1876 1877 static int ec_export_get_encoding_cb(const OSSL_PARAM params[], void *arg) 1878 { 1879 const OSSL_PARAM *p; 1880 const char *enc_name = NULL; 1881 int *enc = arg; 1882 size_t i; 1883 1884 *enc = -1; 1885 1886 if (!TEST_ptr(p = OSSL_PARAM_locate_const(params, 1887 OSSL_PKEY_PARAM_EC_ENCODING)) 1888 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p, &enc_name))) 1889 return 0; 1890 1891 for (i = 0; i < OSSL_NELEM(ec_encodings); i++) { 1892 if (OPENSSL_strcasecmp(enc_name, ec_encodings[i].encoding_name) == 0) { 1893 *enc = ec_encodings[i].encoding; 1894 break; 1895 } 1896 } 1897 1898 return (*enc != -1); 1899 } 1900 1901 static int test_EC_keygen_with_enc(int idx) 1902 { 1903 EVP_PKEY *params = NULL, *key = NULL; 1904 EVP_PKEY_CTX *pctx = NULL, *kctx = NULL; 1905 int enc; 1906 int ret = 0; 1907 1908 enc = ec_encodings[idx].encoding; 1909 1910 /* Create key parameters */ 1911 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "EC", NULL)) 1912 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx), 0) 1913 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx, "P-256"), 0) 1914 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx, enc), 0) 1915 || !TEST_true(EVP_PKEY_paramgen(pctx, ¶ms)) 1916 || !TEST_ptr(params)) 1917 goto done; 1918 1919 /* Create key */ 1920 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, params, NULL)) 1921 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 1922 || !TEST_true(EVP_PKEY_keygen(kctx, &key)) 1923 || !TEST_ptr(key)) 1924 goto done; 1925 1926 /* Check that the encoding got all the way into the key */ 1927 if (!TEST_true(evp_keymgmt_util_export(key, OSSL_KEYMGMT_SELECT_ALL, 1928 ec_export_get_encoding_cb, &enc)) 1929 || !TEST_int_eq(enc, ec_encodings[idx].encoding)) 1930 goto done; 1931 1932 ret = 1; 1933 done: 1934 EVP_PKEY_free(key); 1935 EVP_PKEY_free(params); 1936 EVP_PKEY_CTX_free(kctx); 1937 EVP_PKEY_CTX_free(pctx); 1938 return ret; 1939 } 1940 #endif 1941 1942 #if !defined(OPENSSL_NO_SM2) 1943 1944 static int test_EVP_SM2_verify(void) 1945 { 1946 const char *pubkey = 1947 "-----BEGIN PUBLIC KEY-----\n" 1948 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n" 1949 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n" 1950 "-----END PUBLIC KEY-----\n"; 1951 1952 const char *msg = "message digest"; 1953 const char *id = "ALICE123@YAHOO.COM"; 1954 1955 const uint8_t signature[] = { 1956 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb, 1957 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06, 1958 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36, 1959 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d, 1960 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07, 1961 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24, 1962 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70 1963 }; 1964 1965 int rc = 0; 1966 BIO *bio = NULL; 1967 EVP_PKEY *pkey = NULL; 1968 EVP_MD_CTX *mctx = NULL; 1969 EVP_PKEY_CTX *pctx = NULL; 1970 EVP_MD *sm3 = NULL; 1971 1972 bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); 1973 if (!TEST_true(bio != NULL)) 1974 goto done; 1975 1976 pkey = PEM_read_bio_PUBKEY_ex(bio, NULL, NULL, NULL, testctx, testpropq); 1977 if (!TEST_true(pkey != NULL)) 1978 goto done; 1979 1980 if (!TEST_true(EVP_PKEY_is_a(pkey, "SM2"))) 1981 goto done; 1982 1983 if (!TEST_ptr(mctx = EVP_MD_CTX_new())) 1984 goto done; 1985 1986 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 1987 goto done; 1988 1989 EVP_MD_CTX_set_pkey_ctx(mctx, pctx); 1990 1991 if (!TEST_ptr(sm3 = EVP_MD_fetch(testctx, "sm3", testpropq))) 1992 goto done; 1993 1994 if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, sm3, NULL, pkey))) 1995 goto done; 1996 1997 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, id, strlen(id)), 0)) 1998 goto done; 1999 2000 if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) 2001 goto done; 2002 2003 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)), 0)) 2004 goto done; 2005 rc = 1; 2006 2007 done: 2008 BIO_free(bio); 2009 EVP_PKEY_free(pkey); 2010 EVP_PKEY_CTX_free(pctx); 2011 EVP_MD_CTX_free(mctx); 2012 EVP_MD_free(sm3); 2013 return rc; 2014 } 2015 2016 static int test_EVP_SM2(void) 2017 { 2018 int ret = 0; 2019 EVP_PKEY *pkey = NULL; 2020 EVP_PKEY *pkeyparams = NULL; 2021 EVP_PKEY_CTX *pctx = NULL; 2022 EVP_PKEY_CTX *kctx = NULL; 2023 EVP_PKEY_CTX *sctx = NULL; 2024 size_t sig_len = 0; 2025 unsigned char *sig = NULL; 2026 EVP_MD_CTX *md_ctx = NULL; 2027 EVP_MD_CTX *md_ctx_verify = NULL; 2028 EVP_PKEY_CTX *cctx = NULL; 2029 EVP_MD *check_md = NULL; 2030 2031 uint8_t ciphertext[128]; 2032 size_t ctext_len = sizeof(ciphertext); 2033 2034 uint8_t plaintext[8]; 2035 size_t ptext_len = sizeof(plaintext); 2036 2037 uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; 2038 2039 OSSL_PARAM sparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 2040 OSSL_PARAM gparams[2] = {OSSL_PARAM_END, OSSL_PARAM_END}; 2041 int i; 2042 char mdname[OSSL_MAX_NAME_SIZE]; 2043 2044 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, 2045 "SM2", testpropq))) 2046 goto done; 2047 2048 if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) 2049 goto done; 2050 2051 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2), 0)) 2052 goto done; 2053 2054 if (!TEST_true(EVP_PKEY_paramgen(pctx, &pkeyparams))) 2055 goto done; 2056 2057 if (!TEST_ptr(kctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2058 pkeyparams, testpropq))) 2059 goto done; 2060 2061 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0)) 2062 goto done; 2063 2064 if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) 2065 goto done; 2066 2067 if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) 2068 goto done; 2069 2070 if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) 2071 goto done; 2072 2073 if (!TEST_ptr(sctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2074 goto done; 2075 2076 EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); 2077 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); 2078 2079 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, "sm3", testpropq))) 2080 goto done; 2081 2082 if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, check_md, NULL, pkey))) 2083 goto done; 2084 2085 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2086 goto done; 2087 2088 if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) 2089 goto done; 2090 2091 /* Determine the size of the signature. */ 2092 if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) 2093 goto done; 2094 2095 if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) 2096 goto done; 2097 2098 if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) 2099 goto done; 2100 2101 /* Ensure that the signature round-trips. */ 2102 2103 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2104 pkey))) 2105 goto done; 2106 2107 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) 2108 goto done; 2109 2110 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2111 goto done; 2112 2113 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2114 goto done; 2115 2116 /* 2117 * Try verify again with non-matching 0 length id but ensure that it can 2118 * be set on the context and overrides the previous value. 2119 */ 2120 2121 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, check_md, NULL, 2122 pkey))) 2123 goto done; 2124 2125 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, NULL, 0), 0)) 2126 goto done; 2127 2128 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) 2129 goto done; 2130 2131 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len), 0)) 2132 goto done; 2133 2134 /* now check encryption/decryption */ 2135 2136 gparams[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2137 mdname, sizeof(mdname)); 2138 for (i = 0; i < 2; i++) { 2139 const char *mdnames[] = { 2140 #ifndef OPENSSL_NO_SM3 2141 "SM3", 2142 #else 2143 NULL, 2144 #endif 2145 "SHA2-256" }; 2146 EVP_PKEY_CTX_free(cctx); 2147 2148 if (mdnames[i] == NULL) 2149 continue; 2150 2151 sparams[0] = 2152 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST, 2153 (char *)mdnames[i], 0); 2154 2155 if (!TEST_ptr(cctx = EVP_PKEY_CTX_new_from_pkey(testctx, 2156 pkey, testpropq))) 2157 goto done; 2158 2159 if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) 2160 goto done; 2161 2162 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2163 goto done; 2164 2165 if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, 2166 sizeof(kMsg)))) 2167 goto done; 2168 2169 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx), 0)) 2170 goto done; 2171 2172 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx, sparams))) 2173 goto done; 2174 2175 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, 2176 ctext_len), 0)) 2177 goto done; 2178 2179 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx, gparams))) 2180 goto done; 2181 2182 /* 2183 * Test we're still using the digest we think we are. 2184 * Because of aliases, the easiest is to fetch the digest and 2185 * check the name with EVP_MD_is_a(). 2186 */ 2187 EVP_MD_free(check_md); 2188 if (!TEST_ptr(check_md = EVP_MD_fetch(testctx, mdname, testpropq))) 2189 goto done; 2190 if (!TEST_true(EVP_MD_is_a(check_md, mdnames[i]))) { 2191 TEST_info("Fetched md %s isn't %s", mdname, mdnames[i]); 2192 goto done; 2193 } 2194 2195 if (!TEST_true(ptext_len == sizeof(kMsg))) 2196 goto done; 2197 2198 if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) 2199 goto done; 2200 } 2201 2202 ret = 1; 2203 done: 2204 EVP_PKEY_CTX_free(pctx); 2205 EVP_PKEY_CTX_free(kctx); 2206 EVP_PKEY_CTX_free(sctx); 2207 EVP_PKEY_CTX_free(cctx); 2208 EVP_PKEY_free(pkey); 2209 EVP_PKEY_free(pkeyparams); 2210 EVP_MD_CTX_free(md_ctx); 2211 EVP_MD_CTX_free(md_ctx_verify); 2212 EVP_MD_free(check_md); 2213 OPENSSL_free(sig); 2214 return ret; 2215 } 2216 2217 #endif 2218 2219 static struct keys_st { 2220 int type; 2221 char *priv; 2222 char *pub; 2223 } keys[] = { 2224 { 2225 EVP_PKEY_HMAC, "0123456789", NULL 2226 }, 2227 { 2228 EVP_PKEY_HMAC, "", NULL 2229 #ifndef OPENSSL_NO_POLY1305 2230 }, { 2231 EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL 2232 #endif 2233 #ifndef OPENSSL_NO_SIPHASH 2234 }, { 2235 EVP_PKEY_SIPHASH, "0123456789012345", NULL 2236 #endif 2237 }, 2238 #ifndef OPENSSL_NO_EC 2239 { 2240 EVP_PKEY_X25519, "01234567890123456789012345678901", 2241 "abcdefghijklmnopqrstuvwxyzabcdef" 2242 }, { 2243 EVP_PKEY_ED25519, "01234567890123456789012345678901", 2244 "abcdefghijklmnopqrstuvwxyzabcdef" 2245 }, { 2246 EVP_PKEY_X448, 2247 "01234567890123456789012345678901234567890123456789012345", 2248 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" 2249 }, { 2250 EVP_PKEY_ED448, 2251 "012345678901234567890123456789012345678901234567890123456", 2252 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" 2253 } 2254 #endif 2255 }; 2256 2257 static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx) 2258 { 2259 int ret = 0; 2260 unsigned char buf[80]; 2261 unsigned char *in; 2262 size_t inlen, len = 0, shortlen = 1; 2263 EVP_PKEY *pkey; 2264 2265 /* Check if this algorithm supports public keys */ 2266 if (pub && keys[tst].pub == NULL) 2267 return 1; 2268 2269 memset(buf, 0, sizeof(buf)); 2270 2271 if (pub) { 2272 #ifndef OPENSSL_NO_EC 2273 inlen = strlen(keys[tst].pub); 2274 in = (unsigned char *)keys[tst].pub; 2275 if (uselibctx) { 2276 pkey = EVP_PKEY_new_raw_public_key_ex( 2277 testctx, 2278 OBJ_nid2sn(keys[tst].type), 2279 NULL, 2280 in, 2281 inlen); 2282 } else { 2283 pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, 2284 NULL, 2285 in, 2286 inlen); 2287 } 2288 #else 2289 return 1; 2290 #endif 2291 } else { 2292 inlen = strlen(keys[tst].priv); 2293 in = (unsigned char *)keys[tst].priv; 2294 if (uselibctx) { 2295 pkey = EVP_PKEY_new_raw_private_key_ex( 2296 testctx, OBJ_nid2sn(keys[tst].type), 2297 NULL, 2298 in, 2299 inlen); 2300 } else { 2301 pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, 2302 NULL, 2303 in, 2304 inlen); 2305 } 2306 } 2307 2308 if (!TEST_ptr(pkey) 2309 || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1) 2310 || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) 2311 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) 2312 || !TEST_true(len == inlen)) 2313 goto done; 2314 if (tst != 1) { 2315 /* 2316 * Test that supplying a buffer that is too small fails. Doesn't apply 2317 * to HMAC with a zero length key 2318 */ 2319 if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf, 2320 &shortlen))) 2321 || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf, 2322 &shortlen)))) 2323 goto done; 2324 } 2325 if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) 2326 || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) 2327 || !TEST_mem_eq(in, inlen, buf, len)) 2328 goto done; 2329 2330 ret = 1; 2331 done: 2332 EVP_PKEY_free(pkey); 2333 return ret; 2334 } 2335 2336 static int test_set_get_raw_keys(int tst) 2337 { 2338 return (nullprov != NULL || test_set_get_raw_keys_int(tst, 0, 0)) 2339 && test_set_get_raw_keys_int(tst, 0, 1) 2340 && (nullprov != NULL || test_set_get_raw_keys_int(tst, 1, 0)) 2341 && test_set_get_raw_keys_int(tst, 1, 1); 2342 } 2343 2344 #ifndef OPENSSL_NO_DEPRECATED_3_0 2345 static int pkey_custom_check(EVP_PKEY *pkey) 2346 { 2347 return 0xbeef; 2348 } 2349 2350 static int pkey_custom_pub_check(EVP_PKEY *pkey) 2351 { 2352 return 0xbeef; 2353 } 2354 2355 static int pkey_custom_param_check(EVP_PKEY *pkey) 2356 { 2357 return 0xbeef; 2358 } 2359 2360 static EVP_PKEY_METHOD *custom_pmeth; 2361 #endif 2362 2363 static int test_EVP_PKEY_check(int i) 2364 { 2365 int ret = 0; 2366 EVP_PKEY *pkey = NULL; 2367 EVP_PKEY_CTX *ctx = NULL; 2368 #ifndef OPENSSL_NO_DEPRECATED_3_0 2369 EVP_PKEY_CTX *ctx2 = NULL; 2370 #endif 2371 const APK_DATA *ak = &keycheckdata[i]; 2372 const unsigned char *input = ak->kder; 2373 size_t input_len = ak->size; 2374 int expected_id = ak->evptype; 2375 int expected_check = ak->check; 2376 int expected_pub_check = ak->pub_check; 2377 int expected_param_check = ak->param_check; 2378 int type = ak->type; 2379 2380 if (!TEST_ptr(pkey = load_example_key(ak->keytype, input, input_len))) 2381 goto done; 2382 if (type == 0 2383 && !TEST_int_eq(EVP_PKEY_get_id(pkey), expected_id)) 2384 goto done; 2385 2386 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq))) 2387 goto done; 2388 2389 if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) 2390 goto done; 2391 2392 if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) 2393 goto done; 2394 2395 if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) 2396 goto done; 2397 2398 #ifndef OPENSSL_NO_DEPRECATED_3_0 2399 ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); 2400 /* assign the pkey directly, as an internal test */ 2401 EVP_PKEY_up_ref(pkey); 2402 ctx2->pkey = pkey; 2403 2404 if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) 2405 goto done; 2406 2407 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) 2408 goto done; 2409 2410 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) 2411 goto done; 2412 #endif 2413 2414 ret = 1; 2415 2416 done: 2417 EVP_PKEY_CTX_free(ctx); 2418 #ifndef OPENSSL_NO_DEPRECATED_3_0 2419 EVP_PKEY_CTX_free(ctx2); 2420 #endif 2421 EVP_PKEY_free(pkey); 2422 return ret; 2423 } 2424 2425 #ifndef OPENSSL_NO_CMAC 2426 static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac) 2427 { 2428 EVP_MD_CTX *mdctx = EVP_MD_CTX_new(); 2429 const char msg[] = "Hello World"; 2430 size_t maclen = AES_BLOCK_SIZE; 2431 int ret = 1; 2432 2433 if (!TEST_ptr(mdctx) 2434 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, NULL, testctx, 2435 testpropq, pkey, NULL)) 2436 || !TEST_true(EVP_DigestSignUpdate(mdctx, msg, sizeof(msg))) 2437 || !TEST_true(EVP_DigestSignFinal(mdctx, mac, &maclen)) 2438 || !TEST_size_t_eq(maclen, AES_BLOCK_SIZE)) 2439 ret = 0; 2440 2441 EVP_MD_CTX_free(mdctx); 2442 2443 return ret; 2444 } 2445 static int test_CMAC_keygen(void) 2446 { 2447 static unsigned char key[] = { 2448 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 2449 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 2450 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 2451 }; 2452 EVP_PKEY_CTX *kctx = NULL; 2453 int ret = 0; 2454 EVP_PKEY *pkey = NULL; 2455 unsigned char mac[AES_BLOCK_SIZE]; 2456 # if !defined(OPENSSL_NO_DEPRECATED_3_0) 2457 unsigned char mac2[AES_BLOCK_SIZE]; 2458 # endif 2459 2460 if (nullprov != NULL) 2461 return TEST_skip("Test does not support a non-default library context"); 2462 2463 /* 2464 * This is a legacy method for CMACs, but should still work. 2465 * This verifies that it works without an ENGINE. 2466 */ 2467 kctx = EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC, NULL); 2468 2469 /* Test a CMAC key created using the "generated" method */ 2470 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx), 0) 2471 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 2472 EVP_PKEY_CTRL_CIPHER, 2473 0, (void *)EVP_aes_256_ecb()), 0) 2474 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx, -1, EVP_PKEY_OP_KEYGEN, 2475 EVP_PKEY_CTRL_SET_MAC_KEY, 2476 sizeof(key), (void *)key), 0) 2477 || !TEST_int_gt(EVP_PKEY_keygen(kctx, &pkey), 0) 2478 || !TEST_ptr(pkey) 2479 || !TEST_true(get_cmac_val(pkey, mac))) 2480 goto done; 2481 2482 # if !defined(OPENSSL_NO_DEPRECATED_3_0) 2483 EVP_PKEY_free(pkey); 2484 2485 /* 2486 * Test a CMAC key using the direct method, and compare with the mac 2487 * created above. 2488 */ 2489 pkey = EVP_PKEY_new_CMAC_key(NULL, key, sizeof(key), EVP_aes_256_ecb()); 2490 if (!TEST_ptr(pkey) 2491 || !TEST_true(get_cmac_val(pkey, mac2)) 2492 || !TEST_mem_eq(mac, sizeof(mac), mac2, sizeof(mac2))) 2493 goto done; 2494 # endif 2495 2496 ret = 1; 2497 2498 done: 2499 EVP_PKEY_free(pkey); 2500 EVP_PKEY_CTX_free(kctx); 2501 return ret; 2502 } 2503 #endif 2504 2505 static int test_HKDF(void) 2506 { 2507 EVP_PKEY_CTX *pctx; 2508 unsigned char out[20]; 2509 size_t outlen; 2510 int i, ret = 0; 2511 unsigned char salt[] = "0123456789"; 2512 unsigned char key[] = "012345678901234567890123456789"; 2513 unsigned char info[] = "infostring"; 2514 const unsigned char expected[] = { 2515 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, 2516 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca 2517 }; 2518 size_t expectedlen = sizeof(expected); 2519 2520 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 2521 goto done; 2522 2523 /* We do this twice to test reuse of the EVP_PKEY_CTX */ 2524 for (i = 0; i < 2; i++) { 2525 outlen = sizeof(out); 2526 memset(out, 0, outlen); 2527 2528 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 2529 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 2530 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 2531 sizeof(salt) - 1), 0) 2532 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 2533 sizeof(key) - 1), 0) 2534 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 2535 sizeof(info) - 1), 0) 2536 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 2537 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 2538 goto done; 2539 } 2540 2541 ret = 1; 2542 2543 done: 2544 EVP_PKEY_CTX_free(pctx); 2545 2546 return ret; 2547 } 2548 2549 static int test_emptyikm_HKDF(void) 2550 { 2551 EVP_PKEY_CTX *pctx; 2552 unsigned char out[20]; 2553 size_t outlen; 2554 int ret = 0; 2555 unsigned char salt[] = "9876543210"; 2556 unsigned char key[] = ""; 2557 unsigned char info[] = "stringinfo"; 2558 const unsigned char expected[] = { 2559 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47, 2560 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30 2561 }; 2562 size_t expectedlen = sizeof(expected); 2563 2564 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 2565 goto done; 2566 2567 outlen = sizeof(out); 2568 memset(out, 0, outlen); 2569 2570 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 2571 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 2572 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 2573 sizeof(salt) - 1), 0) 2574 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 2575 sizeof(key) - 1), 0) 2576 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 2577 sizeof(info) - 1), 0) 2578 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 2579 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 2580 goto done; 2581 2582 ret = 1; 2583 2584 done: 2585 EVP_PKEY_CTX_free(pctx); 2586 2587 return ret; 2588 } 2589 2590 static int test_empty_salt_info_HKDF(void) 2591 { 2592 EVP_PKEY_CTX *pctx; 2593 unsigned char out[20]; 2594 size_t outlen; 2595 int ret = 0; 2596 unsigned char salt[] = ""; 2597 unsigned char key[] = "012345678901234567890123456789"; 2598 unsigned char info[] = ""; 2599 const unsigned char expected[] = { 2600 0x67, 0x12, 0xf9, 0x27, 0x8a, 0x8a, 0x3a, 0x8f, 0x7d, 0x2c, 0xa3, 0x6a, 2601 0xaa, 0xe9, 0xb3, 0xb9, 0x52, 0x5f, 0xe0, 0x06, 2602 }; 2603 size_t expectedlen = sizeof(expected); 2604 2605 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "HKDF", testpropq))) 2606 goto done; 2607 2608 outlen = sizeof(out); 2609 memset(out, 0, outlen); 2610 2611 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) 2612 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) 2613 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, 2614 sizeof(salt) - 1), 0) 2615 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, 2616 sizeof(key) - 1), 0) 2617 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, 2618 sizeof(info) - 1), 0) 2619 || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) 2620 || !TEST_mem_eq(out, outlen, expected, expectedlen)) 2621 goto done; 2622 2623 ret = 1; 2624 2625 done: 2626 EVP_PKEY_CTX_free(pctx); 2627 2628 return ret; 2629 } 2630 2631 #ifndef OPENSSL_NO_EC 2632 static int test_X509_PUBKEY_inplace(void) 2633 { 2634 int ret = 0; 2635 X509_PUBKEY *xp = X509_PUBKEY_new_ex(testctx, testpropq); 2636 const unsigned char *p = kExampleECPubKeyDER; 2637 size_t input_len = sizeof(kExampleECPubKeyDER); 2638 2639 if (!TEST_ptr(xp)) 2640 goto done; 2641 if (!TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len))) 2642 goto done; 2643 2644 if (!TEST_ptr(X509_PUBKEY_get0(xp))) 2645 goto done; 2646 2647 p = kExampleBadECPubKeyDER; 2648 input_len = sizeof(kExampleBadECPubKeyDER); 2649 2650 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) 2651 goto done; 2652 2653 if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) 2654 goto done; 2655 2656 ret = 1; 2657 2658 done: 2659 X509_PUBKEY_free(xp); 2660 return ret; 2661 } 2662 2663 static int test_X509_PUBKEY_dup(void) 2664 { 2665 int ret = 0; 2666 X509_PUBKEY *xp = NULL, *xq = NULL; 2667 const unsigned char *p = kExampleECPubKeyDER; 2668 size_t input_len = sizeof(kExampleECPubKeyDER); 2669 2670 xp = X509_PUBKEY_new_ex(testctx, testpropq); 2671 if (!TEST_ptr(xp) 2672 || !TEST_ptr(d2i_X509_PUBKEY(&xp, &p, input_len)) 2673 || !TEST_ptr(xq = X509_PUBKEY_dup(xp)) 2674 || !TEST_ptr_ne(xp, xq)) 2675 goto done; 2676 2677 if (!TEST_ptr(X509_PUBKEY_get0(xq)) 2678 || !TEST_ptr(X509_PUBKEY_get0(xp)) 2679 || !TEST_ptr_ne(X509_PUBKEY_get0(xq), X509_PUBKEY_get0(xp))) 2680 goto done; 2681 2682 X509_PUBKEY_free(xq); 2683 xq = NULL; 2684 p = kExampleBadECPubKeyDER; 2685 input_len = sizeof(kExampleBadECPubKeyDER); 2686 2687 if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len)) 2688 || !TEST_ptr(xq = X509_PUBKEY_dup(xp))) 2689 goto done; 2690 2691 X509_PUBKEY_free(xp); 2692 xp = NULL; 2693 if (!TEST_true(X509_PUBKEY_get0(xq) == NULL)) 2694 goto done; 2695 2696 ret = 1; 2697 2698 done: 2699 X509_PUBKEY_free(xp); 2700 X509_PUBKEY_free(xq); 2701 return ret; 2702 } 2703 #endif /* OPENSSL_NO_EC */ 2704 2705 /* Test getting and setting parameters on an EVP_PKEY_CTX */ 2706 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY *pkey) 2707 { 2708 EVP_MD_CTX *mdctx = NULL; 2709 EVP_PKEY_CTX *ctx = NULL; 2710 const OSSL_PARAM *params; 2711 OSSL_PARAM ourparams[2], *param = ourparams, *param_md; 2712 int ret = 0; 2713 const EVP_MD *md; 2714 char mdname[OSSL_MAX_NAME_SIZE]; 2715 char ssl3ms[48]; 2716 2717 /* Initialise a sign operation */ 2718 ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, testpropq); 2719 if (!TEST_ptr(ctx) 2720 || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) 2721 goto err; 2722 2723 /* 2724 * We should be able to query the parameters now. 2725 */ 2726 params = EVP_PKEY_CTX_settable_params(ctx); 2727 if (!TEST_ptr(params) 2728 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2729 OSSL_SIGNATURE_PARAM_DIGEST))) 2730 goto err; 2731 2732 params = EVP_PKEY_CTX_gettable_params(ctx); 2733 if (!TEST_ptr(params) 2734 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2735 OSSL_SIGNATURE_PARAM_ALGORITHM_ID)) 2736 || !TEST_ptr(OSSL_PARAM_locate_const(params, 2737 OSSL_SIGNATURE_PARAM_DIGEST))) 2738 goto err; 2739 2740 /* 2741 * Test getting and setting params via EVP_PKEY_CTX_set_params() and 2742 * EVP_PKEY_CTX_get_params() 2743 */ 2744 strcpy(mdname, "SHA512"); 2745 param_md = param; 2746 *param++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 2747 mdname, 0); 2748 *param++ = OSSL_PARAM_construct_end(); 2749 2750 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) 2751 goto err; 2752 2753 mdname[0] = '\0'; 2754 *param_md = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST, 2755 mdname, sizeof(mdname)); 2756 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) 2757 || !TEST_str_eq(mdname, "SHA512")) 2758 goto err; 2759 2760 /* 2761 * Test the TEST_PKEY_CTX_set_signature_md() and 2762 * TEST_PKEY_CTX_get_signature_md() functions 2763 */ 2764 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) 2765 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) 2766 || !TEST_ptr_eq(md, EVP_sha256())) 2767 goto err; 2768 2769 /* 2770 * Test getting MD parameters via an associated EVP_PKEY_CTX 2771 */ 2772 mdctx = EVP_MD_CTX_new(); 2773 if (!TEST_ptr(mdctx) 2774 || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", testctx, testpropq, 2775 pkey, NULL))) 2776 goto err; 2777 2778 /* 2779 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be 2780 * able to obtain the digest's settable parameters from the provider. 2781 */ 2782 params = EVP_MD_CTX_settable_params(mdctx); 2783 if (!TEST_ptr(params) 2784 || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) 2785 /* The final key should be NULL */ 2786 || !TEST_ptr_null(params[1].key)) 2787 goto err; 2788 2789 param = ourparams; 2790 memset(ssl3ms, 0, sizeof(ssl3ms)); 2791 *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, 2792 ssl3ms, sizeof(ssl3ms)); 2793 *param++ = OSSL_PARAM_construct_end(); 2794 2795 if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) 2796 goto err; 2797 2798 ret = 1; 2799 2800 err: 2801 EVP_MD_CTX_free(mdctx); 2802 EVP_PKEY_CTX_free(ctx); 2803 2804 return ret; 2805 } 2806 2807 #ifndef OPENSSL_NO_DSA 2808 static int test_DSA_get_set_params(void) 2809 { 2810 OSSL_PARAM_BLD *bld = NULL; 2811 OSSL_PARAM *params = NULL; 2812 BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; 2813 EVP_PKEY_CTX *pctx = NULL; 2814 EVP_PKEY *pkey = NULL; 2815 int ret = 0; 2816 2817 /* 2818 * Setup the parameters for our DSA object. For our purposes they don't 2819 * have to actually be *valid* parameters. We just need to set something. 2820 */ 2821 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "DSA", NULL)) 2822 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 2823 || !TEST_ptr(p = BN_new()) 2824 || !TEST_ptr(q = BN_new()) 2825 || !TEST_ptr(g = BN_new()) 2826 || !TEST_ptr(pub = BN_new()) 2827 || !TEST_ptr(priv = BN_new())) 2828 goto err; 2829 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)) 2830 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)) 2831 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)) 2832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, 2833 pub)) 2834 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, 2835 priv))) 2836 goto err; 2837 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 2838 goto err; 2839 2840 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 2841 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 2842 params), 0)) 2843 goto err; 2844 2845 if (!TEST_ptr(pkey)) 2846 goto err; 2847 2848 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 2849 2850 err: 2851 EVP_PKEY_free(pkey); 2852 EVP_PKEY_CTX_free(pctx); 2853 OSSL_PARAM_free(params); 2854 OSSL_PARAM_BLD_free(bld); 2855 BN_free(p); 2856 BN_free(q); 2857 BN_free(g); 2858 BN_free(pub); 2859 BN_free(priv); 2860 2861 return ret; 2862 } 2863 2864 /* 2865 * Test combinations of private, public, missing and private + public key 2866 * params to ensure they are all accepted 2867 */ 2868 static int test_DSA_priv_pub(void) 2869 { 2870 return test_EVP_PKEY_ffc_priv_pub("DSA"); 2871 } 2872 2873 #endif /* !OPENSSL_NO_DSA */ 2874 2875 static int test_RSA_get_set_params(void) 2876 { 2877 OSSL_PARAM_BLD *bld = NULL; 2878 OSSL_PARAM *params = NULL; 2879 BIGNUM *n = NULL, *e = NULL, *d = NULL; 2880 EVP_PKEY_CTX *pctx = NULL; 2881 EVP_PKEY *pkey = NULL; 2882 int ret = 0; 2883 2884 /* 2885 * Setup the parameters for our RSA object. For our purposes they don't 2886 * have to actually be *valid* parameters. We just need to set something. 2887 */ 2888 if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA", NULL)) 2889 || !TEST_ptr(bld = OSSL_PARAM_BLD_new()) 2890 || !TEST_ptr(n = BN_new()) 2891 || !TEST_ptr(e = BN_new()) 2892 || !TEST_ptr(d = BN_new())) 2893 goto err; 2894 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_N, n)) 2895 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_E, e)) 2896 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_RSA_D, d))) 2897 goto err; 2898 if (!TEST_ptr(params = OSSL_PARAM_BLD_to_param(bld))) 2899 goto err; 2900 2901 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx), 0) 2902 || !TEST_int_gt(EVP_PKEY_fromdata(pctx, &pkey, EVP_PKEY_KEYPAIR, 2903 params), 0)) 2904 goto err; 2905 2906 if (!TEST_ptr(pkey)) 2907 goto err; 2908 2909 ret = test_EVP_PKEY_CTX_get_set_params(pkey); 2910 2911 err: 2912 EVP_PKEY_free(pkey); 2913 EVP_PKEY_CTX_free(pctx); 2914 OSSL_PARAM_free(params); 2915 OSSL_PARAM_BLD_free(bld); 2916 BN_free(n); 2917 BN_free(e); 2918 BN_free(d); 2919 2920 return ret; 2921 } 2922 2923 static int test_RSA_OAEP_set_get_params(void) 2924 { 2925 int ret = 0; 2926 EVP_PKEY *key = NULL; 2927 EVP_PKEY_CTX *key_ctx = NULL; 2928 2929 if (nullprov != NULL) 2930 return TEST_skip("Test does not support a non-default library context"); 2931 2932 if (!TEST_ptr(key = load_example_rsa_key()) 2933 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(0, key, 0))) 2934 goto err; 2935 2936 { 2937 int padding = RSA_PKCS1_OAEP_PADDING; 2938 OSSL_PARAM params[4]; 2939 2940 params[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE, &padding); 2941 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 2942 OSSL_DIGEST_NAME_SHA2_256, 0); 2943 params[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 2944 OSSL_DIGEST_NAME_SHA1, 0); 2945 params[3] = OSSL_PARAM_construct_end(); 2946 2947 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx, params),0)) 2948 goto err; 2949 } 2950 { 2951 OSSL_PARAM params[3]; 2952 char oaepmd[30] = { '\0' }; 2953 char mgf1md[30] = { '\0' }; 2954 2955 params[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST, 2956 oaepmd, sizeof(oaepmd)); 2957 params[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST, 2958 mgf1md, sizeof(mgf1md)); 2959 params[2] = OSSL_PARAM_construct_end(); 2960 2961 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx, params))) 2962 goto err; 2963 2964 if (!TEST_str_eq(oaepmd, OSSL_DIGEST_NAME_SHA2_256) 2965 || !TEST_str_eq(mgf1md, OSSL_DIGEST_NAME_SHA1)) 2966 goto err; 2967 } 2968 2969 ret = 1; 2970 2971 err: 2972 EVP_PKEY_free(key); 2973 EVP_PKEY_CTX_free(key_ctx); 2974 2975 return ret; 2976 } 2977 2978 /* https://github.com/openssl/openssl/issues/21288 */ 2979 static int test_RSA_OAEP_set_null_label(void) 2980 { 2981 int ret = 0; 2982 EVP_PKEY *key = NULL; 2983 EVP_PKEY_CTX *key_ctx = NULL; 2984 2985 if (!TEST_ptr(key = load_example_rsa_key()) 2986 || !TEST_ptr(key_ctx = EVP_PKEY_CTX_new_from_pkey(testctx, key, NULL)) 2987 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx))) 2988 goto err; 2989 2990 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx, RSA_PKCS1_OAEP_PADDING))) 2991 goto err; 2992 2993 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, OPENSSL_strdup("foo"), 0))) 2994 goto err; 2995 2996 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx, NULL, 0))) 2997 goto err; 2998 2999 ret = 1; 3000 3001 err: 3002 EVP_PKEY_free(key); 3003 EVP_PKEY_CTX_free(key_ctx); 3004 3005 return ret; 3006 } 3007 3008 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 3009 static int test_decrypt_null_chunks(void) 3010 { 3011 EVP_CIPHER_CTX* ctx = NULL; 3012 EVP_CIPHER *cipher = NULL; 3013 const unsigned char key[32] = { 3014 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 3015 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 3016 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1 3017 }; 3018 unsigned char iv[12] = { 3019 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b 3020 }; 3021 unsigned char msg[] = "It was the best of times, it was the worst of times"; 3022 unsigned char ciphertext[80]; 3023 unsigned char plaintext[80]; 3024 /* We initialise tmp to a non zero value on purpose */ 3025 int ctlen, ptlen, tmp = 99; 3026 int ret = 0; 3027 const int enc_offset = 10, dec_offset = 20; 3028 3029 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "ChaCha20-Poly1305", testpropq)) 3030 || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 3031 || !TEST_true(EVP_EncryptInit_ex(ctx, cipher, NULL, 3032 key, iv)) 3033 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &ctlen, msg, 3034 enc_offset)) 3035 /* Deliberate add a zero length update */ 3036 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, NULL, 3037 0)) 3038 || !TEST_int_eq(tmp, 0) 3039 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext + ctlen, &tmp, 3040 msg + enc_offset, 3041 sizeof(msg) - enc_offset)) 3042 || !TEST_int_eq(ctlen += tmp, sizeof(msg)) 3043 || !TEST_true(EVP_EncryptFinal(ctx, ciphertext + ctlen, &tmp)) 3044 || !TEST_int_eq(tmp, 0)) 3045 goto err; 3046 3047 /* Deliberately initialise tmp to a non zero value */ 3048 tmp = 99; 3049 if (!TEST_true(EVP_DecryptInit_ex(ctx, cipher, NULL, key, iv)) 3050 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext, &ptlen, ciphertext, 3051 dec_offset)) 3052 /* 3053 * Deliberately add a zero length update. We also deliberately do 3054 * this at a different offset than for encryption. 3055 */ 3056 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, NULL, 3057 0)) 3058 || !TEST_int_eq(tmp, 0) 3059 || !TEST_true(EVP_DecryptUpdate(ctx, plaintext + ptlen, &tmp, 3060 ciphertext + dec_offset, 3061 ctlen - dec_offset)) 3062 || !TEST_int_eq(ptlen += tmp, sizeof(msg)) 3063 || !TEST_true(EVP_DecryptFinal(ctx, plaintext + ptlen, &tmp)) 3064 || !TEST_int_eq(tmp, 0) 3065 || !TEST_mem_eq(msg, sizeof(msg), plaintext, ptlen)) 3066 goto err; 3067 3068 ret = 1; 3069 err: 3070 EVP_CIPHER_CTX_free(ctx); 3071 EVP_CIPHER_free(cipher); 3072 return ret; 3073 } 3074 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */ 3075 3076 #ifndef OPENSSL_NO_DH 3077 /* 3078 * Test combinations of private, public, missing and private + public key 3079 * params to ensure they are all accepted 3080 */ 3081 static int test_DH_priv_pub(void) 3082 { 3083 return test_EVP_PKEY_ffc_priv_pub("DH"); 3084 } 3085 3086 # ifndef OPENSSL_NO_DEPRECATED_3_0 3087 static int test_EVP_PKEY_set1_DH(void) 3088 { 3089 DH *x942dh = NULL, *noqdh = NULL; 3090 EVP_PKEY *pkey1 = NULL, *pkey2 = NULL; 3091 int ret = 0; 3092 BIGNUM *p, *g = NULL; 3093 BIGNUM *pubkey = NULL; 3094 unsigned char pub[2048 / 8]; 3095 size_t len = 0; 3096 3097 if (!TEST_ptr(p = BN_new()) 3098 || !TEST_ptr(g = BN_new()) 3099 || !TEST_ptr(pubkey = BN_new()) 3100 || !TEST_true(BN_set_word(p, 9999)) 3101 || !TEST_true(BN_set_word(g, 2)) 3102 || !TEST_true(BN_set_word(pubkey, 4321)) 3103 || !TEST_ptr(noqdh = DH_new()) 3104 || !TEST_true(DH_set0_pqg(noqdh, p, NULL, g)) 3105 || !TEST_true(DH_set0_key(noqdh, pubkey, NULL)) 3106 || !TEST_ptr(pubkey = BN_new()) 3107 || !TEST_true(BN_set_word(pubkey, 4321))) 3108 goto err; 3109 p = g = NULL; 3110 3111 x942dh = DH_get_2048_256(); 3112 pkey1 = EVP_PKEY_new(); 3113 pkey2 = EVP_PKEY_new(); 3114 if (!TEST_ptr(x942dh) 3115 || !TEST_ptr(noqdh) 3116 || !TEST_ptr(pkey1) 3117 || !TEST_ptr(pkey2) 3118 || !TEST_true(DH_set0_key(x942dh, pubkey, NULL))) 3119 goto err; 3120 pubkey = NULL; 3121 3122 if (!TEST_true(EVP_PKEY_set1_DH(pkey1, x942dh)) 3123 || !TEST_int_eq(EVP_PKEY_get_id(pkey1), EVP_PKEY_DHX)) 3124 goto err; 3125 3126 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1, OSSL_PKEY_PARAM_PUB_KEY, 3127 &pubkey)) 3128 || !TEST_ptr(pubkey)) 3129 goto err; 3130 3131 if (!TEST_true(EVP_PKEY_set1_DH(pkey2, noqdh)) 3132 || !TEST_int_eq(EVP_PKEY_get_id(pkey2), EVP_PKEY_DH)) 3133 goto err; 3134 3135 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2, 3136 OSSL_PKEY_PARAM_PUB_KEY, 3137 pub, sizeof(pub), &len)) 3138 || !TEST_size_t_ne(len, 0)) 3139 goto err; 3140 3141 ret = 1; 3142 err: 3143 BN_free(p); 3144 BN_free(g); 3145 BN_free(pubkey); 3146 EVP_PKEY_free(pkey1); 3147 EVP_PKEY_free(pkey2); 3148 DH_free(x942dh); 3149 DH_free(noqdh); 3150 3151 return ret; 3152 } 3153 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */ 3154 #endif /* !OPENSSL_NO_DH */ 3155 3156 /* 3157 * We test what happens with an empty template. For the sake of this test, 3158 * the template must be ignored, and we know that's the case for RSA keys 3159 * (this might arguably be a misfeature, but that's what we currently do, 3160 * even in provider code, since that's how the legacy RSA implementation 3161 * does things) 3162 */ 3163 static int test_keygen_with_empty_template(int n) 3164 { 3165 EVP_PKEY_CTX *ctx = NULL; 3166 EVP_PKEY *pkey = NULL; 3167 EVP_PKEY *tkey = NULL; 3168 int ret = 0; 3169 3170 if (nullprov != NULL) 3171 return TEST_skip("Test does not support a non-default library context"); 3172 3173 switch (n) { 3174 case 0: 3175 /* We do test with no template at all as well */ 3176 if (!TEST_ptr(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) 3177 goto err; 3178 break; 3179 case 1: 3180 /* Here we create an empty RSA key that serves as our template */ 3181 if (!TEST_ptr(tkey = EVP_PKEY_new()) 3182 || !TEST_true(EVP_PKEY_set_type(tkey, EVP_PKEY_RSA)) 3183 || !TEST_ptr(ctx = EVP_PKEY_CTX_new(tkey, NULL))) 3184 goto err; 3185 break; 3186 } 3187 3188 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3189 || !TEST_int_gt(EVP_PKEY_keygen(ctx, &pkey), 0)) 3190 goto err; 3191 3192 ret = 1; 3193 err: 3194 EVP_PKEY_CTX_free(ctx); 3195 EVP_PKEY_free(pkey); 3196 EVP_PKEY_free(tkey); 3197 return ret; 3198 } 3199 3200 /* 3201 * Test that we fail if we attempt to use an algorithm that is not available 3202 * in the current library context (unless we are using an algorithm that 3203 * should be made available via legacy codepaths). 3204 * 3205 * 0: RSA 3206 * 1: SM2 3207 */ 3208 static int test_pkey_ctx_fail_without_provider(int tst) 3209 { 3210 OSSL_LIB_CTX *tmpctx = OSSL_LIB_CTX_new(); 3211 OSSL_PROVIDER *tmpnullprov = NULL; 3212 EVP_PKEY_CTX *pctx = NULL; 3213 const char *keytype = NULL; 3214 int expect_null = 0; 3215 int ret = 0; 3216 3217 if (!TEST_ptr(tmpctx)) 3218 goto err; 3219 3220 tmpnullprov = OSSL_PROVIDER_load(tmpctx, "null"); 3221 if (!TEST_ptr(tmpnullprov)) 3222 goto err; 3223 3224 /* 3225 * We check for certain algos in the null provider. 3226 * If an algo is expected to have a provider keymgmt, contructing an 3227 * EVP_PKEY_CTX is expected to fail (return NULL). 3228 * Otherwise, if it's expected to have legacy support, contructing an 3229 * EVP_PKEY_CTX is expected to succeed (return non-NULL). 3230 */ 3231 switch (tst) { 3232 case 0: 3233 keytype = "RSA"; 3234 expect_null = 1; 3235 break; 3236 case 1: 3237 keytype = "SM2"; 3238 expect_null = 1; 3239 #ifdef OPENSSL_NO_EC 3240 TEST_info("EC disable, skipping SM2 check..."); 3241 goto end; 3242 #endif 3243 #ifdef OPENSSL_NO_SM2 3244 TEST_info("SM2 disable, skipping SM2 check..."); 3245 goto end; 3246 #endif 3247 break; 3248 default: 3249 TEST_error("No test for case %d", tst); 3250 goto err; 3251 } 3252 3253 pctx = EVP_PKEY_CTX_new_from_name(tmpctx, keytype, ""); 3254 if (expect_null ? !TEST_ptr_null(pctx) : !TEST_ptr(pctx)) 3255 goto err; 3256 3257 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2) 3258 end: 3259 #endif 3260 ret = 1; 3261 3262 err: 3263 EVP_PKEY_CTX_free(pctx); 3264 OSSL_PROVIDER_unload(tmpnullprov); 3265 OSSL_LIB_CTX_free(tmpctx); 3266 return ret; 3267 } 3268 3269 static int test_rand_agglomeration(void) 3270 { 3271 EVP_RAND *rand; 3272 EVP_RAND_CTX *ctx; 3273 OSSL_PARAM params[3], *p = params; 3274 int res; 3275 unsigned int step = 7; 3276 static unsigned char seed[] = "It does not matter how slowly you go " 3277 "as long as you do not stop."; 3278 unsigned char out[sizeof(seed)]; 3279 3280 if (!TEST_int_ne(sizeof(seed) % step, 0) 3281 || !TEST_ptr(rand = EVP_RAND_fetch(testctx, "TEST-RAND", testpropq))) 3282 return 0; 3283 ctx = EVP_RAND_CTX_new(rand, NULL); 3284 EVP_RAND_free(rand); 3285 if (!TEST_ptr(ctx)) 3286 return 0; 3287 3288 memset(out, 0, sizeof(out)); 3289 *p++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY, 3290 seed, sizeof(seed)); 3291 *p++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST, &step); 3292 *p = OSSL_PARAM_construct_end(); 3293 res = TEST_true(EVP_RAND_CTX_set_params(ctx, params)) 3294 && TEST_true(EVP_RAND_generate(ctx, out, sizeof(out), 0, 1, NULL, 0)) 3295 && TEST_mem_eq(seed, sizeof(seed), out, sizeof(out)); 3296 EVP_RAND_CTX_free(ctx); 3297 return res; 3298 } 3299 3300 /* 3301 * Test that we correctly return the original or "running" IV after 3302 * an encryption operation. 3303 * Run multiple times for some different relevant algorithms/modes. 3304 */ 3305 static int test_evp_iv_aes(int idx) 3306 { 3307 int ret = 0; 3308 EVP_CIPHER_CTX *ctx = NULL; 3309 unsigned char key[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1, 3310 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57}; 3311 unsigned char init_iv[EVP_MAX_IV_LENGTH] = 3312 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 3313 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34}; 3314 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8, 3315 9, 10, 11, 12, 13, 14, 15, 16 }; 3316 unsigned char ciphertext[32], oiv[16], iv[16]; 3317 unsigned char *ref_iv; 3318 unsigned char cbc_state[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9, 3319 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e}; 3320 3321 unsigned char ofb_state[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64, 3322 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd}; 3323 unsigned char cfb_state[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c, 3324 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed}; 3325 unsigned char gcm_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 3326 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81}; 3327 unsigned char ccm_state[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98}; 3328 #ifndef OPENSSL_NO_OCB 3329 unsigned char ocb_state[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 3330 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81}; 3331 #endif 3332 int len = sizeof(ciphertext); 3333 size_t ivlen, ref_len; 3334 const EVP_CIPHER *type = NULL; 3335 int iv_reset = 0; 3336 3337 if (nullprov != NULL && idx < 6) 3338 return TEST_skip("Test does not support a non-default library context"); 3339 3340 switch(idx) { 3341 case 0: 3342 type = EVP_aes_128_cbc(); 3343 /* FALLTHROUGH */ 3344 case 6: 3345 type = (type != NULL) ? type : 3346 EVP_CIPHER_fetch(testctx, "aes-128-cbc", testpropq); 3347 ref_iv = cbc_state; 3348 ref_len = sizeof(cbc_state); 3349 iv_reset = 1; 3350 break; 3351 case 1: 3352 type = EVP_aes_128_ofb(); 3353 /* FALLTHROUGH */ 3354 case 7: 3355 type = (type != NULL) ? type : 3356 EVP_CIPHER_fetch(testctx, "aes-128-ofb", testpropq); 3357 ref_iv = ofb_state; 3358 ref_len = sizeof(ofb_state); 3359 iv_reset = 1; 3360 break; 3361 case 2: 3362 type = EVP_aes_128_cfb(); 3363 /* FALLTHROUGH */ 3364 case 8: 3365 type = (type != NULL) ? type : 3366 EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq); 3367 ref_iv = cfb_state; 3368 ref_len = sizeof(cfb_state); 3369 iv_reset = 1; 3370 break; 3371 case 3: 3372 type = EVP_aes_128_gcm(); 3373 /* FALLTHROUGH */ 3374 case 9: 3375 type = (type != NULL) ? type : 3376 EVP_CIPHER_fetch(testctx, "aes-128-gcm", testpropq); 3377 ref_iv = gcm_state; 3378 ref_len = sizeof(gcm_state); 3379 break; 3380 case 4: 3381 type = EVP_aes_128_ccm(); 3382 /* FALLTHROUGH */ 3383 case 10: 3384 type = (type != NULL) ? type : 3385 EVP_CIPHER_fetch(testctx, "aes-128-ccm", testpropq); 3386 ref_iv = ccm_state; 3387 ref_len = sizeof(ccm_state); 3388 break; 3389 #ifdef OPENSSL_NO_OCB 3390 case 5: 3391 case 11: 3392 return 1; 3393 #else 3394 case 5: 3395 type = EVP_aes_128_ocb(); 3396 /* FALLTHROUGH */ 3397 case 11: 3398 type = (type != NULL) ? type : 3399 EVP_CIPHER_fetch(testctx, "aes-128-ocb", testpropq); 3400 ref_iv = ocb_state; 3401 ref_len = sizeof(ocb_state); 3402 break; 3403 #endif 3404 default: 3405 return 0; 3406 } 3407 3408 if (!TEST_ptr(type) 3409 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 3410 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 3411 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 3412 (int)sizeof(msg))) 3413 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 3414 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 3415 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 3416 goto err; 3417 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 3418 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 3419 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 3420 goto err; 3421 3422 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */ 3423 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 3424 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 3425 goto err; 3426 if (iv_reset) { 3427 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 3428 goto err; 3429 } else { 3430 if (!TEST_mem_eq(ref_iv, ivlen, iv, ivlen)) 3431 goto err; 3432 } 3433 3434 ret = 1; 3435 err: 3436 EVP_CIPHER_CTX_free(ctx); 3437 if (idx >= 6) 3438 EVP_CIPHER_free((EVP_CIPHER *)type); 3439 return ret; 3440 } 3441 3442 #ifndef OPENSSL_NO_DES 3443 static int test_evp_iv_des(int idx) 3444 { 3445 int ret = 0; 3446 EVP_CIPHER_CTX *ctx = NULL; 3447 static const unsigned char key[24] = { 3448 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, 3449 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86, 3450 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 3451 }; 3452 static const unsigned char init_iv[8] = { 3453 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 3454 }; 3455 static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8, 3456 9, 10, 11, 12, 13, 14, 15, 16 }; 3457 unsigned char ciphertext[32], oiv[8], iv[8]; 3458 unsigned const char *ref_iv; 3459 static const unsigned char cbc_state_des[8] = { 3460 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a 3461 }; 3462 static const unsigned char cbc_state_3des[8] = { 3463 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9 3464 }; 3465 static const unsigned char ofb_state_des[8] = { 3466 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c 3467 }; 3468 static const unsigned char ofb_state_3des[8] = { 3469 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e 3470 }; 3471 static const unsigned char cfb_state_des[8] = { 3472 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73 3473 }; 3474 static const unsigned char cfb_state_3des[8] = { 3475 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7 3476 }; 3477 int len = sizeof(ciphertext); 3478 size_t ivlen, ref_len; 3479 EVP_CIPHER *type = NULL; 3480 3481 if (lgcyprov == NULL && idx < 3) 3482 return TEST_skip("Test requires legacy provider to be loaded"); 3483 3484 switch(idx) { 3485 case 0: 3486 type = EVP_CIPHER_fetch(testctx, "des-cbc", testpropq); 3487 ref_iv = cbc_state_des; 3488 ref_len = sizeof(cbc_state_des); 3489 break; 3490 case 1: 3491 type = EVP_CIPHER_fetch(testctx, "des-ofb", testpropq); 3492 ref_iv = ofb_state_des; 3493 ref_len = sizeof(ofb_state_des); 3494 break; 3495 case 2: 3496 type = EVP_CIPHER_fetch(testctx, "des-cfb", testpropq); 3497 ref_iv = cfb_state_des; 3498 ref_len = sizeof(cfb_state_des); 3499 break; 3500 case 3: 3501 type = EVP_CIPHER_fetch(testctx, "des-ede3-cbc", testpropq); 3502 ref_iv = cbc_state_3des; 3503 ref_len = sizeof(cbc_state_3des); 3504 break; 3505 case 4: 3506 type = EVP_CIPHER_fetch(testctx, "des-ede3-ofb", testpropq); 3507 ref_iv = ofb_state_3des; 3508 ref_len = sizeof(ofb_state_3des); 3509 break; 3510 case 5: 3511 type = EVP_CIPHER_fetch(testctx, "des-ede3-cfb", testpropq); 3512 ref_iv = cfb_state_3des; 3513 ref_len = sizeof(cfb_state_3des); 3514 break; 3515 default: 3516 return 0; 3517 } 3518 3519 if (!TEST_ptr(type) 3520 || !TEST_ptr((ctx = EVP_CIPHER_CTX_new())) 3521 || !TEST_true(EVP_EncryptInit_ex(ctx, type, NULL, key, init_iv)) 3522 || !TEST_true(EVP_EncryptUpdate(ctx, ciphertext, &len, msg, 3523 (int)sizeof(msg))) 3524 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx, oiv, sizeof(oiv))) 3525 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv))) 3526 || !TEST_true(EVP_EncryptFinal_ex(ctx, ciphertext, &len))) 3527 goto err; 3528 ivlen = EVP_CIPHER_CTX_get_iv_length(ctx); 3529 if (!TEST_mem_eq(init_iv, ivlen, oiv, ivlen) 3530 || !TEST_mem_eq(ref_iv, ref_len, iv, ivlen)) 3531 goto err; 3532 3533 if (!TEST_true(EVP_EncryptInit_ex(ctx, NULL, NULL, NULL, NULL)) 3534 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, iv, sizeof(iv)))) 3535 goto err; 3536 if (!TEST_mem_eq(init_iv, ivlen, iv, ivlen)) 3537 goto err; 3538 3539 ret = 1; 3540 err: 3541 EVP_CIPHER_CTX_free(ctx); 3542 EVP_CIPHER_free(type); 3543 return ret; 3544 } 3545 #endif 3546 3547 #ifndef OPENSSL_NO_BF 3548 static int test_evp_bf_default_keylen(int idx) 3549 { 3550 int ret = 0; 3551 static const char *algos[4] = { 3552 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb" 3553 }; 3554 int ivlen[4] = { 0, 8, 8, 8 }; 3555 EVP_CIPHER *cipher = NULL; 3556 3557 if (lgcyprov == NULL) 3558 return TEST_skip("Test requires legacy provider to be loaded"); 3559 3560 if (!TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, algos[idx], testpropq)) 3561 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher), 16) 3562 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher), ivlen[idx])) 3563 goto err; 3564 3565 ret = 1; 3566 err: 3567 EVP_CIPHER_free(cipher); 3568 return ret; 3569 } 3570 #endif 3571 3572 #ifndef OPENSSL_NO_EC 3573 static int ecpub_nids[] = { 3574 NID_brainpoolP256r1, NID_X9_62_prime256v1, 3575 NID_secp384r1, NID_secp521r1, 3576 # ifndef OPENSSL_NO_EC2M 3577 NID_sect233k1, NID_sect233r1, NID_sect283r1, 3578 NID_sect409k1, NID_sect409r1, NID_sect571k1, NID_sect571r1, 3579 # endif 3580 NID_brainpoolP384r1, NID_brainpoolP512r1 3581 }; 3582 3583 static int test_ecpub(int idx) 3584 { 3585 int ret = 0, len, savelen; 3586 int nid; 3587 unsigned char buf[1024]; 3588 unsigned char *p; 3589 EVP_PKEY *pkey = NULL; 3590 EVP_PKEY_CTX *ctx = NULL; 3591 # ifndef OPENSSL_NO_DEPRECATED_3_0 3592 const unsigned char *q; 3593 EVP_PKEY *pkey2 = NULL; 3594 EC_KEY *ec = NULL; 3595 # endif 3596 3597 if (nullprov != NULL) 3598 return TEST_skip("Test does not support a non-default library context"); 3599 3600 nid = ecpub_nids[idx]; 3601 3602 ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); 3603 if (!TEST_ptr(ctx) 3604 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3605 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, nid), 0) 3606 || !TEST_true(EVP_PKEY_keygen(ctx, &pkey))) 3607 goto done; 3608 len = i2d_PublicKey(pkey, NULL); 3609 savelen = len; 3610 if (!TEST_int_ge(len, 1) 3611 || !TEST_int_lt(len, 1024)) 3612 goto done; 3613 p = buf; 3614 len = i2d_PublicKey(pkey, &p); 3615 if (!TEST_int_ge(len, 1) 3616 || !TEST_int_eq(len, savelen)) 3617 goto done; 3618 3619 # ifndef OPENSSL_NO_DEPRECATED_3_0 3620 /* Now try to decode the just-created DER. */ 3621 q = buf; 3622 if (!TEST_ptr((pkey2 = EVP_PKEY_new())) 3623 || !TEST_ptr((ec = EC_KEY_new_by_curve_name(nid))) 3624 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2, ec))) 3625 goto done; 3626 /* EC_KEY ownership transferred */ 3627 ec = NULL; 3628 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC, &pkey2, &q, savelen))) 3629 goto done; 3630 /* The keys should match. */ 3631 if (!TEST_int_eq(EVP_PKEY_eq(pkey, pkey2), 1)) 3632 goto done; 3633 # endif 3634 3635 ret = 1; 3636 3637 done: 3638 EVP_PKEY_CTX_free(ctx); 3639 EVP_PKEY_free(pkey); 3640 # ifndef OPENSSL_NO_DEPRECATED_3_0 3641 EVP_PKEY_free(pkey2); 3642 EC_KEY_free(ec); 3643 # endif 3644 return ret; 3645 } 3646 #endif 3647 3648 static int test_EVP_rsa_pss_with_keygen_bits(void) 3649 { 3650 int ret = 0; 3651 EVP_PKEY_CTX *ctx = NULL; 3652 EVP_PKEY *pkey = NULL; 3653 EVP_MD *md; 3654 3655 md = EVP_MD_fetch(testctx, "sha256", testpropq); 3656 ret = TEST_ptr(md) 3657 && TEST_ptr((ctx = EVP_PKEY_CTX_new_from_name(testctx, "RSA-PSS", testpropq))) 3658 && TEST_int_gt(EVP_PKEY_keygen_init(ctx), 0) 3659 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 512), 0) 3660 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx, md), 0) 3661 && TEST_true(EVP_PKEY_keygen(ctx, &pkey)); 3662 3663 EVP_MD_free(md); 3664 EVP_PKEY_free(pkey); 3665 EVP_PKEY_CTX_free(ctx); 3666 return ret; 3667 } 3668 3669 static int test_EVP_rsa_pss_set_saltlen(void) 3670 { 3671 int ret = 0; 3672 EVP_PKEY *pkey = NULL; 3673 EVP_PKEY_CTX *pkey_ctx = NULL; 3674 EVP_MD *sha256 = NULL; 3675 EVP_MD_CTX *sha256_ctx = NULL; 3676 int saltlen = 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */ 3677 const int test_value = 32; 3678 3679 ret = TEST_ptr(pkey = load_example_rsa_key()) 3680 && TEST_ptr(sha256 = EVP_MD_fetch(testctx, "sha256", NULL)) 3681 && TEST_ptr(sha256_ctx = EVP_MD_CTX_new()) 3682 && TEST_true(EVP_DigestSignInit(sha256_ctx, &pkey_ctx, sha256, NULL, pkey)) 3683 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING)) 3684 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, test_value), 0) 3685 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx, &saltlen), 0) 3686 && TEST_int_eq(saltlen, test_value); 3687 3688 EVP_MD_CTX_free(sha256_ctx); 3689 EVP_PKEY_free(pkey); 3690 EVP_MD_free(sha256); 3691 3692 return ret; 3693 } 3694 3695 static int success = 1; 3696 static void md_names(const char *name, void *vctx) 3697 { 3698 OSSL_LIB_CTX *ctx = (OSSL_LIB_CTX *)vctx; 3699 /* Force a namemap update */ 3700 EVP_CIPHER *aes128 = EVP_CIPHER_fetch(ctx, "AES-128-CBC", NULL); 3701 3702 if (!TEST_ptr(aes128)) 3703 success = 0; 3704 3705 EVP_CIPHER_free(aes128); 3706 } 3707 3708 /* 3709 * Test that changing the namemap in a user callback works in a names_do_all 3710 * function. 3711 */ 3712 static int test_names_do_all(void) 3713 { 3714 /* We use a custom libctx so that we know the state of the namemap */ 3715 OSSL_LIB_CTX *ctx = OSSL_LIB_CTX_new(); 3716 EVP_MD *sha256 = NULL; 3717 int testresult = 0; 3718 3719 if (!TEST_ptr(ctx)) 3720 goto err; 3721 3722 sha256 = EVP_MD_fetch(ctx, "SHA2-256", NULL); 3723 if (!TEST_ptr(sha256)) 3724 goto err; 3725 3726 /* 3727 * We loop through all the names for a given digest. This should still work 3728 * even if the namemap changes part way through. 3729 */ 3730 if (!TEST_true(EVP_MD_names_do_all(sha256, md_names, ctx))) 3731 goto err; 3732 3733 if (!TEST_true(success)) 3734 goto err; 3735 3736 testresult = 1; 3737 err: 3738 EVP_MD_free(sha256); 3739 OSSL_LIB_CTX_free(ctx); 3740 return testresult; 3741 } 3742 3743 typedef struct { 3744 const char *cipher; 3745 const unsigned char *key; 3746 const unsigned char *iv; 3747 const unsigned char *input; 3748 const unsigned char *expected; 3749 const unsigned char *tag; 3750 size_t ivlen; /* 0 if we do not need to set a specific IV len */ 3751 size_t inlen; 3752 size_t expectedlen; 3753 size_t taglen; 3754 int keyfirst; 3755 int initenc; 3756 int finalenc; 3757 } EVP_INIT_TEST_st; 3758 3759 static const EVP_INIT_TEST_st evp_init_tests[] = { 3760 { 3761 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 3762 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 3763 0, 1, 0, 1 3764 }, 3765 { 3766 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 3767 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3768 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 3769 sizeof(gcmDefaultTag), 1, 0, 1 3770 }, 3771 { 3772 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext, 3773 cfbCiphertext, NULL, 0, sizeof(cfbPlaintext), sizeof(cfbCiphertext), 3774 0, 0, 0, 1 3775 }, 3776 { 3777 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultPlaintext, 3778 gcmDefaultCiphertext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3779 sizeof(gcmDefaultPlaintext), sizeof(gcmDefaultCiphertext), 3780 sizeof(gcmDefaultTag), 0, 0, 1 3781 }, 3782 { 3783 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 3784 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 3785 0, 1, 1, 0 3786 }, 3787 { 3788 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 3789 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3790 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 3791 sizeof(gcmDefaultTag), 1, 1, 0 3792 }, 3793 { 3794 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext, 3795 cfbPlaintext, NULL, 0, sizeof(cfbCiphertext), sizeof(cfbPlaintext), 3796 0, 0, 1, 0 3797 }, 3798 { 3799 "aes-256-gcm", kGCMDefaultKey, iGCMDefaultIV, gcmDefaultCiphertext, 3800 gcmDefaultPlaintext, gcmDefaultTag, sizeof(iGCMDefaultIV), 3801 sizeof(gcmDefaultCiphertext), sizeof(gcmDefaultPlaintext), 3802 sizeof(gcmDefaultTag), 0, 1, 0 3803 } 3804 }; 3805 3806 /* use same key, iv and plaintext for cfb and ofb */ 3807 static const EVP_INIT_TEST_st evp_reinit_tests[] = { 3808 { 3809 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 3810 cfbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 3811 sizeof(cfbCiphertext_partial), 0, 0, 1, 0 3812 }, 3813 { 3814 "aes-128-cfb", kCFBDefaultKey, iCFBIV, cfbCiphertext_partial, 3815 cfbPlaintext_partial, NULL, 0, sizeof(cfbCiphertext_partial), 3816 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 3817 }, 3818 { 3819 "aes-128-ofb", kCFBDefaultKey, iCFBIV, cfbPlaintext_partial, 3820 ofbCiphertext_partial, NULL, 0, sizeof(cfbPlaintext_partial), 3821 sizeof(ofbCiphertext_partial), 0, 0, 1, 0 3822 }, 3823 { 3824 "aes-128-ofb", kCFBDefaultKey, iCFBIV, ofbCiphertext_partial, 3825 cfbPlaintext_partial, NULL, 0, sizeof(ofbCiphertext_partial), 3826 sizeof(cfbPlaintext_partial), 0, 0, 0, 0 3827 }, 3828 }; 3829 3830 static int evp_init_seq_set_iv(EVP_CIPHER_CTX *ctx, const EVP_INIT_TEST_st *t) 3831 { 3832 int res = 0; 3833 3834 if (t->ivlen != 0) { 3835 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen, NULL), 0)) 3836 goto err; 3837 } 3838 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv, -1))) 3839 goto err; 3840 res = 1; 3841 err: 3842 return res; 3843 } 3844 3845 /* 3846 * Test step-wise cipher initialization via EVP_CipherInit_ex where the 3847 * arguments are given one at a time and a final adjustment to the enc 3848 * parameter sets the correct operation. 3849 */ 3850 static int test_evp_init_seq(int idx) 3851 { 3852 int outlen1, outlen2; 3853 int testresult = 0; 3854 unsigned char outbuf[1024]; 3855 unsigned char tag[16]; 3856 const EVP_INIT_TEST_st *t = &evp_init_tests[idx]; 3857 EVP_CIPHER_CTX *ctx = NULL; 3858 EVP_CIPHER *type = NULL; 3859 size_t taglen = sizeof(tag); 3860 char *errmsg = NULL; 3861 3862 ctx = EVP_CIPHER_CTX_new(); 3863 if (ctx == NULL) { 3864 errmsg = "CTX_ALLOC"; 3865 goto err; 3866 } 3867 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq))) { 3868 errmsg = "CIPHER_FETCH"; 3869 goto err; 3870 } 3871 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, t->initenc))) { 3872 errmsg = "EMPTY_ENC_INIT"; 3873 goto err; 3874 } 3875 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 3876 errmsg = "PADDING"; 3877 goto err; 3878 } 3879 if (t->keyfirst && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 3880 errmsg = "KEY_INIT (before iv)"; 3881 goto err; 3882 } 3883 if (!evp_init_seq_set_iv(ctx, t)) { 3884 errmsg = "IV_INIT"; 3885 goto err; 3886 } 3887 if (t->keyfirst == 0 && !TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, t->key, NULL, -1))) { 3888 errmsg = "KEY_INIT (after iv)"; 3889 goto err; 3890 } 3891 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, t->finalenc))) { 3892 errmsg = "FINAL_ENC_INIT"; 3893 goto err; 3894 } 3895 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 3896 errmsg = "CIPHER_UPDATE"; 3897 goto err; 3898 } 3899 if (t->finalenc == 0 && t->tag != NULL) { 3900 /* Set expected tag */ 3901 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 3902 t->taglen, (void *)t->tag), 0)) { 3903 errmsg = "SET_TAG"; 3904 goto err; 3905 } 3906 } 3907 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 3908 errmsg = "CIPHER_FINAL"; 3909 goto err; 3910 } 3911 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 3912 errmsg = "WRONG_RESULT"; 3913 goto err; 3914 } 3915 if (t->finalenc != 0 && t->tag != NULL) { 3916 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 3917 errmsg = "GET_TAG"; 3918 goto err; 3919 } 3920 if (!TEST_mem_eq(t->tag, t->taglen, tag, taglen)) { 3921 errmsg = "TAG_ERROR"; 3922 goto err; 3923 } 3924 } 3925 testresult = 1; 3926 err: 3927 if (errmsg != NULL) 3928 TEST_info("evp_init_test %d: %s", idx, errmsg); 3929 EVP_CIPHER_CTX_free(ctx); 3930 EVP_CIPHER_free(type); 3931 return testresult; 3932 } 3933 3934 /* 3935 * Test re-initialization of cipher context without changing key or iv. 3936 * The result of both iteration should be the same. 3937 */ 3938 static int test_evp_reinit_seq(int idx) 3939 { 3940 int outlen1, outlen2, outlen_final; 3941 int testresult = 0; 3942 unsigned char outbuf1[1024]; 3943 unsigned char outbuf2[1024]; 3944 const EVP_INIT_TEST_st *t = &evp_reinit_tests[idx]; 3945 EVP_CIPHER_CTX *ctx = NULL; 3946 EVP_CIPHER *type = NULL; 3947 3948 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 3949 || !TEST_ptr(type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) 3950 /* setup cipher context */ 3951 || !TEST_true(EVP_CipherInit_ex2(ctx, type, t->key, t->iv, t->initenc, NULL)) 3952 /* first iteration */ 3953 || !TEST_true(EVP_CipherUpdate(ctx, outbuf1, &outlen1, t->input, t->inlen)) 3954 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf1, &outlen_final)) 3955 /* check test results iteration 1 */ 3956 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf1, outlen1 + outlen_final) 3957 /* now re-init the context (same cipher, key and iv) */ 3958 || !TEST_true(EVP_CipherInit_ex2(ctx, NULL, NULL, NULL, -1, NULL)) 3959 /* second iteration */ 3960 || !TEST_true(EVP_CipherUpdate(ctx, outbuf2, &outlen2, t->input, t->inlen)) 3961 || !TEST_true(EVP_CipherFinal_ex(ctx, outbuf2, &outlen_final)) 3962 /* check test results iteration 2 */ 3963 || !TEST_mem_eq(t->expected, t->expectedlen, outbuf2, outlen2 + outlen_final)) 3964 goto err; 3965 testresult = 1; 3966 err: 3967 EVP_CIPHER_CTX_free(ctx); 3968 EVP_CIPHER_free(type); 3969 return testresult; 3970 } 3971 3972 typedef struct { 3973 const unsigned char *input; 3974 const unsigned char *expected; 3975 size_t inlen; 3976 size_t expectedlen; 3977 int enc; 3978 } EVP_RESET_TEST_st; 3979 3980 static const EVP_RESET_TEST_st evp_reset_tests[] = { 3981 { 3982 cfbPlaintext, cfbCiphertext, 3983 sizeof(cfbPlaintext), sizeof(cfbCiphertext), 1 3984 }, 3985 { 3986 cfbCiphertext, cfbPlaintext, 3987 sizeof(cfbCiphertext), sizeof(cfbPlaintext), 0 3988 } 3989 }; 3990 3991 /* 3992 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already 3993 * been used. 3994 */ 3995 static int test_evp_reset(int idx) 3996 { 3997 const EVP_RESET_TEST_st *t = &evp_reset_tests[idx]; 3998 int outlen1, outlen2; 3999 int testresult = 0; 4000 unsigned char outbuf[1024]; 4001 EVP_CIPHER_CTX *ctx = NULL; 4002 EVP_CIPHER *type = NULL; 4003 char *errmsg = NULL; 4004 4005 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 4006 errmsg = "CTX_ALLOC"; 4007 goto err; 4008 } 4009 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-128-cfb", testpropq))) { 4010 errmsg = "CIPHER_FETCH"; 4011 goto err; 4012 } 4013 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 4014 errmsg = "CIPHER_INIT"; 4015 goto err; 4016 } 4017 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 4018 errmsg = "PADDING"; 4019 goto err; 4020 } 4021 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 4022 errmsg = "CIPHER_UPDATE"; 4023 goto err; 4024 } 4025 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4026 errmsg = "CIPHER_FINAL"; 4027 goto err; 4028 } 4029 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 4030 errmsg = "WRONG_RESULT"; 4031 goto err; 4032 } 4033 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, NULL, -1))) { 4034 errmsg = "CIPHER_REINIT"; 4035 goto err; 4036 } 4037 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, t->input, t->inlen))) { 4038 errmsg = "CIPHER_UPDATE (reinit)"; 4039 goto err; 4040 } 4041 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4042 errmsg = "CIPHER_FINAL (reinit)"; 4043 goto err; 4044 } 4045 if (!TEST_mem_eq(t->expected, t->expectedlen, outbuf, outlen1 + outlen2)) { 4046 errmsg = "WRONG_RESULT (reinit)"; 4047 goto err; 4048 } 4049 testresult = 1; 4050 err: 4051 if (errmsg != NULL) 4052 TEST_info("test_evp_reset %d: %s", idx, errmsg); 4053 EVP_CIPHER_CTX_free(ctx); 4054 EVP_CIPHER_free(type); 4055 return testresult; 4056 } 4057 4058 typedef struct { 4059 const char *cipher; 4060 int enc; 4061 } EVP_UPDATED_IV_TEST_st; 4062 4063 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests[] = { 4064 { 4065 "aes-128-cfb", 1 4066 }, 4067 { 4068 "aes-128-cfb", 0 4069 }, 4070 { 4071 "aes-128-cfb1", 1 4072 }, 4073 { 4074 "aes-128-cfb1", 0 4075 }, 4076 { 4077 "aes-128-cfb8", 1 4078 }, 4079 { 4080 "aes-128-cfb8", 0 4081 }, 4082 { 4083 "aes-128-ofb", 1 4084 }, 4085 { 4086 "aes-128-ofb", 0 4087 }, 4088 { 4089 "aes-128-ctr", 1 4090 }, 4091 { 4092 "aes-128-ctr", 0 4093 }, 4094 { 4095 "aes-128-cbc", 1 4096 }, 4097 { 4098 "aes-128-cbc", 0 4099 } 4100 }; 4101 4102 /* 4103 * Test that the IV in the context is updated during a crypto operation for CFB 4104 * and OFB. 4105 */ 4106 static int test_evp_updated_iv(int idx) 4107 { 4108 const EVP_UPDATED_IV_TEST_st *t = &evp_updated_iv_tests[idx]; 4109 int outlen1, outlen2; 4110 int testresult = 0; 4111 unsigned char outbuf[1024]; 4112 EVP_CIPHER_CTX *ctx = NULL; 4113 EVP_CIPHER *type = NULL; 4114 unsigned char updated_iv[EVP_MAX_IV_LENGTH]; 4115 int iv_len; 4116 char *errmsg = NULL; 4117 4118 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 4119 errmsg = "CTX_ALLOC"; 4120 goto err; 4121 } 4122 if ((type = EVP_CIPHER_fetch(testctx, t->cipher, testpropq)) == NULL) { 4123 TEST_info("cipher %s not supported, skipping", t->cipher); 4124 goto ok; 4125 } 4126 4127 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, kCFBDefaultKey, iCFBIV, t->enc))) { 4128 errmsg = "CIPHER_INIT"; 4129 goto err; 4130 } 4131 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx, 0))) { 4132 errmsg = "PADDING"; 4133 goto err; 4134 } 4135 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, cfbPlaintext, sizeof(cfbPlaintext)))) { 4136 errmsg = "CIPHER_UPDATE"; 4137 goto err; 4138 } 4139 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx, updated_iv, sizeof(updated_iv)))) { 4140 errmsg = "CIPHER_CTX_GET_UPDATED_IV"; 4141 goto err; 4142 } 4143 if (!TEST_true(iv_len = EVP_CIPHER_CTX_get_iv_length(ctx))) { 4144 errmsg = "CIPHER_CTX_GET_IV_LEN"; 4145 goto err; 4146 } 4147 if (!TEST_mem_ne(iCFBIV, sizeof(iCFBIV), updated_iv, iv_len)) { 4148 errmsg = "IV_NOT_UPDATED"; 4149 goto err; 4150 } 4151 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4152 errmsg = "CIPHER_FINAL"; 4153 goto err; 4154 } 4155 ok: 4156 testresult = 1; 4157 err: 4158 if (errmsg != NULL) 4159 TEST_info("test_evp_updated_iv %d: %s", idx, errmsg); 4160 EVP_CIPHER_CTX_free(ctx); 4161 EVP_CIPHER_free(type); 4162 return testresult; 4163 } 4164 4165 typedef struct { 4166 const unsigned char *iv1; 4167 const unsigned char *iv2; 4168 const unsigned char *expected1; 4169 const unsigned char *expected2; 4170 const unsigned char *tag1; 4171 const unsigned char *tag2; 4172 size_t ivlen1; 4173 size_t ivlen2; 4174 size_t expectedlen1; 4175 size_t expectedlen2; 4176 } TEST_GCM_IV_REINIT_st; 4177 4178 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests[] = { 4179 { 4180 iGCMResetIV1, iGCMResetIV2, gcmResetCiphertext1, gcmResetCiphertext2, 4181 gcmResetTag1, gcmResetTag2, sizeof(iGCMResetIV1), sizeof(iGCMResetIV2), 4182 sizeof(gcmResetCiphertext1), sizeof(gcmResetCiphertext2) 4183 }, 4184 { 4185 iGCMResetIV2, iGCMResetIV1, gcmResetCiphertext2, gcmResetCiphertext1, 4186 gcmResetTag2, gcmResetTag1, sizeof(iGCMResetIV2), sizeof(iGCMResetIV1), 4187 sizeof(gcmResetCiphertext2), sizeof(gcmResetCiphertext1) 4188 } 4189 }; 4190 4191 static int test_gcm_reinit(int idx) 4192 { 4193 int outlen1, outlen2, outlen3; 4194 int testresult = 0; 4195 unsigned char outbuf[1024]; 4196 unsigned char tag[16]; 4197 const TEST_GCM_IV_REINIT_st *t = &gcm_reinit_tests[idx]; 4198 EVP_CIPHER_CTX *ctx = NULL; 4199 EVP_CIPHER *type = NULL; 4200 size_t taglen = sizeof(tag); 4201 char *errmsg = NULL; 4202 4203 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) { 4204 errmsg = "CTX_ALLOC"; 4205 goto err; 4206 } 4207 if (!TEST_ptr(type = EVP_CIPHER_fetch(testctx, "aes-256-gcm", testpropq))) { 4208 errmsg = "CIPHER_FETCH"; 4209 goto err; 4210 } 4211 if (!TEST_true(EVP_CipherInit_ex(ctx, type, NULL, NULL, NULL, 1))) { 4212 errmsg = "ENC_INIT"; 4213 goto err; 4214 } 4215 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen1, NULL), 0)) { 4216 errmsg = "SET_IVLEN1"; 4217 goto err; 4218 } 4219 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, kGCMResetKey, t->iv1, 1))) { 4220 errmsg = "SET_IV1"; 4221 goto err; 4222 } 4223 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 4224 errmsg = "AAD1"; 4225 goto err; 4226 } 4227 EVP_CIPHER_CTX_set_padding(ctx, 0); 4228 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 4229 sizeof(gcmResetPlaintext)))) { 4230 errmsg = "CIPHER_UPDATE1"; 4231 goto err; 4232 } 4233 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4234 errmsg = "CIPHER_FINAL1"; 4235 goto err; 4236 } 4237 if (!TEST_mem_eq(t->expected1, t->expectedlen1, outbuf, outlen1 + outlen2)) { 4238 errmsg = "WRONG_RESULT1"; 4239 goto err; 4240 } 4241 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4242 errmsg = "GET_TAG1"; 4243 goto err; 4244 } 4245 if (!TEST_mem_eq(t->tag1, taglen, tag, taglen)) { 4246 errmsg = "TAG_ERROR1"; 4247 goto err; 4248 } 4249 /* Now reinit */ 4250 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, t->ivlen2, NULL), 0)) { 4251 errmsg = "SET_IVLEN2"; 4252 goto err; 4253 } 4254 if (!TEST_true(EVP_CipherInit_ex(ctx, NULL, NULL, NULL, t->iv2, -1))) { 4255 errmsg = "SET_IV2"; 4256 goto err; 4257 } 4258 if (!TEST_true(EVP_CipherUpdate(ctx, NULL, &outlen3, gcmAAD, sizeof(gcmAAD)))) { 4259 errmsg = "AAD2"; 4260 goto err; 4261 } 4262 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen1, gcmResetPlaintext, 4263 sizeof(gcmResetPlaintext)))) { 4264 errmsg = "CIPHER_UPDATE2"; 4265 goto err; 4266 } 4267 if (!TEST_true(EVP_CipherFinal_ex(ctx, outbuf + outlen1, &outlen2))) { 4268 errmsg = "CIPHER_FINAL2"; 4269 goto err; 4270 } 4271 if (!TEST_mem_eq(t->expected2, t->expectedlen2, outbuf, outlen1 + outlen2)) { 4272 errmsg = "WRONG_RESULT2"; 4273 goto err; 4274 } 4275 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, taglen, tag), 0)) { 4276 errmsg = "GET_TAG2"; 4277 goto err; 4278 } 4279 if (!TEST_mem_eq(t->tag2, taglen, tag, taglen)) { 4280 errmsg = "TAG_ERROR2"; 4281 goto err; 4282 } 4283 testresult = 1; 4284 err: 4285 if (errmsg != NULL) 4286 TEST_info("evp_init_test %d: %s", idx, errmsg); 4287 EVP_CIPHER_CTX_free(ctx); 4288 EVP_CIPHER_free(type); 4289 return testresult; 4290 } 4291 4292 static const char *ivlen_change_ciphers[] = { 4293 "AES-256-GCM", 4294 #ifndef OPENSSL_NO_OCB 4295 "AES-256-OCB", 4296 #endif 4297 "AES-256-CCM" 4298 }; 4299 4300 /* Negative test for ivlen change after iv being set */ 4301 static int test_ivlen_change(int idx) 4302 { 4303 int outlen; 4304 int res = 0; 4305 unsigned char outbuf[1024]; 4306 static const unsigned char iv[] = { 4307 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 4308 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 4309 }; 4310 EVP_CIPHER_CTX *ctx = NULL; 4311 EVP_CIPHER *ciph = NULL; 4312 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 4313 size_t ivlen = 13; /* non-default IV length */ 4314 4315 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 4316 goto err; 4317 4318 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, ivlen_change_ciphers[idx], 4319 testpropq))) 4320 goto err; 4321 4322 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, kGCMDefaultKey, iv, 1))) 4323 goto err; 4324 4325 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 4326 sizeof(gcmDefaultPlaintext)))) 4327 goto err; 4328 4329 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 4330 &ivlen); 4331 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 4332 goto err; 4333 4334 ERR_set_mark(); 4335 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 4336 sizeof(gcmDefaultPlaintext)))) { 4337 ERR_clear_last_mark(); 4338 goto err; 4339 } 4340 ERR_pop_to_mark(); 4341 4342 res = 1; 4343 err: 4344 EVP_CIPHER_CTX_free(ctx); 4345 EVP_CIPHER_free(ciph); 4346 return res; 4347 } 4348 4349 static const char *keylen_change_ciphers[] = { 4350 #ifndef OPENSSL_NO_BF 4351 "BF-ECB", 4352 #endif 4353 #ifndef OPENSSL_NO_CAST 4354 "CAST5-ECB", 4355 #endif 4356 #ifndef OPENSSL_NO_RC2 4357 "RC2-ECB", 4358 #endif 4359 #ifndef OPENSSL_NO_RC4 4360 "RC4", 4361 #endif 4362 #ifndef OPENSSL_NO_RC5 4363 "RC5-ECB", 4364 #endif 4365 NULL 4366 }; 4367 4368 /* Negative test for keylen change after key was set */ 4369 static int test_keylen_change(int idx) 4370 { 4371 int outlen; 4372 int res = 0; 4373 unsigned char outbuf[1024]; 4374 static const unsigned char key[] = { 4375 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82, 4376 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34 4377 }; 4378 EVP_CIPHER_CTX *ctx = NULL; 4379 EVP_CIPHER *ciph = NULL; 4380 OSSL_PARAM params[] = { OSSL_PARAM_END, OSSL_PARAM_END }; 4381 size_t keylen = 12; /* non-default key length */ 4382 4383 if (lgcyprov == NULL) 4384 return TEST_skip("Test requires legacy provider to be loaded"); 4385 4386 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new())) 4387 goto err; 4388 4389 if (!TEST_ptr(ciph = EVP_CIPHER_fetch(testctx, keylen_change_ciphers[idx], 4390 testpropq))) 4391 goto err; 4392 4393 if (!TEST_true(EVP_CipherInit_ex(ctx, ciph, NULL, key, NULL, 1))) 4394 goto err; 4395 4396 if (!TEST_true(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 4397 sizeof(gcmDefaultPlaintext)))) 4398 goto err; 4399 4400 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 4401 &keylen); 4402 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params))) 4403 goto err; 4404 4405 ERR_set_mark(); 4406 if (!TEST_false(EVP_CipherUpdate(ctx, outbuf, &outlen, gcmDefaultPlaintext, 4407 sizeof(gcmDefaultPlaintext)))) { 4408 ERR_clear_last_mark(); 4409 goto err; 4410 } 4411 ERR_pop_to_mark(); 4412 4413 res = 1; 4414 err: 4415 EVP_CIPHER_CTX_free(ctx); 4416 EVP_CIPHER_free(ciph); 4417 return res; 4418 } 4419 4420 #ifndef OPENSSL_NO_DEPRECATED_3_0 4421 static EVP_PKEY_METHOD *custom_pmeth = NULL; 4422 static const EVP_PKEY_METHOD *orig_pmeth = NULL; 4423 4424 # define EVP_PKEY_CTRL_MY_COMMAND 9999 4425 4426 static int custom_pmeth_init(EVP_PKEY_CTX *ctx) 4427 { 4428 int (*pinit)(EVP_PKEY_CTX *ctx); 4429 4430 EVP_PKEY_meth_get_init(orig_pmeth, &pinit); 4431 return pinit(ctx); 4432 } 4433 4434 static void custom_pmeth_cleanup(EVP_PKEY_CTX *ctx) 4435 { 4436 void (*pcleanup)(EVP_PKEY_CTX *ctx); 4437 4438 EVP_PKEY_meth_get_cleanup(orig_pmeth, &pcleanup); 4439 pcleanup(ctx); 4440 } 4441 4442 static int custom_pmeth_sign(EVP_PKEY_CTX *ctx, unsigned char *out, 4443 size_t *outlen, const unsigned char *in, 4444 size_t inlen) 4445 { 4446 int (*psign)(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 4447 const unsigned char *tbs, size_t tbslen); 4448 4449 EVP_PKEY_meth_get_sign(orig_pmeth, NULL, &psign); 4450 return psign(ctx, out, outlen, in, inlen); 4451 } 4452 4453 static int custom_pmeth_digestsign(EVP_MD_CTX *ctx, unsigned char *sig, 4454 size_t *siglen, const unsigned char *tbs, 4455 size_t tbslen) 4456 { 4457 int (*pdigestsign)(EVP_MD_CTX *ctx, unsigned char *sig, size_t *siglen, 4458 const unsigned char *tbs, size_t tbslen); 4459 4460 EVP_PKEY_meth_get_digestsign(orig_pmeth, &pdigestsign); 4461 return pdigestsign(ctx, sig, siglen, tbs, tbslen); 4462 } 4463 4464 static int custom_pmeth_derive(EVP_PKEY_CTX *ctx, unsigned char *key, 4465 size_t *keylen) 4466 { 4467 int (*pderive)(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen); 4468 4469 EVP_PKEY_meth_get_derive(orig_pmeth, NULL, &pderive); 4470 return pderive(ctx, key, keylen); 4471 } 4472 4473 static int custom_pmeth_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) 4474 { 4475 int (*pcopy)(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src); 4476 4477 EVP_PKEY_meth_get_copy(orig_pmeth, &pcopy); 4478 return pcopy(dst, src); 4479 } 4480 4481 static int ctrl_called; 4482 4483 static int custom_pmeth_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 4484 { 4485 int (*pctrl)(EVP_PKEY_CTX *ctx, int type, int p1, void *p2); 4486 4487 EVP_PKEY_meth_get_ctrl(orig_pmeth, &pctrl, NULL); 4488 4489 if (type == EVP_PKEY_CTRL_MY_COMMAND) { 4490 ctrl_called = 1; 4491 return 1; 4492 } 4493 4494 return pctrl(ctx, type, p1, p2); 4495 } 4496 4497 static int test_custom_pmeth(int idx) 4498 { 4499 EVP_PKEY_CTX *pctx = NULL; 4500 EVP_MD_CTX *ctx = NULL; 4501 EVP_PKEY *pkey = NULL; 4502 int id, orig_id, orig_flags; 4503 int testresult = 0; 4504 size_t reslen; 4505 unsigned char *res = NULL; 4506 unsigned char msg[] = { 'H', 'e', 'l', 'l', 'o' }; 4507 const EVP_MD *md = EVP_sha256(); 4508 int doderive = 0; 4509 4510 ctrl_called = 0; 4511 4512 /* We call deprecated APIs so this test doesn't support a custom libctx */ 4513 if (testctx != NULL) 4514 return 1; 4515 4516 switch(idx) { 4517 case 0: 4518 case 6: 4519 id = EVP_PKEY_RSA; 4520 pkey = load_example_rsa_key(); 4521 break; 4522 case 1: 4523 case 7: 4524 # ifndef OPENSSL_NO_DSA 4525 id = EVP_PKEY_DSA; 4526 pkey = load_example_dsa_key(); 4527 break; 4528 # else 4529 return 1; 4530 # endif 4531 case 2: 4532 case 8: 4533 # ifndef OPENSSL_NO_EC 4534 id = EVP_PKEY_EC; 4535 pkey = load_example_ec_key(); 4536 break; 4537 # else 4538 return 1; 4539 # endif 4540 case 3: 4541 case 9: 4542 # ifndef OPENSSL_NO_EC 4543 id = EVP_PKEY_ED25519; 4544 md = NULL; 4545 pkey = load_example_ed25519_key(); 4546 break; 4547 # else 4548 return 1; 4549 # endif 4550 case 4: 4551 case 10: 4552 # ifndef OPENSSL_NO_DH 4553 id = EVP_PKEY_DH; 4554 doderive = 1; 4555 pkey = load_example_dh_key(); 4556 break; 4557 # else 4558 return 1; 4559 # endif 4560 case 5: 4561 case 11: 4562 # ifndef OPENSSL_NO_EC 4563 id = EVP_PKEY_X25519; 4564 doderive = 1; 4565 pkey = load_example_x25519_key(); 4566 break; 4567 # else 4568 return 1; 4569 # endif 4570 default: 4571 TEST_error("Should not happen"); 4572 goto err; 4573 } 4574 4575 if (!TEST_ptr(pkey)) 4576 goto err; 4577 4578 if (idx < 6) { 4579 if (!TEST_true(evp_pkey_is_provided(pkey))) 4580 goto err; 4581 } else { 4582 EVP_PKEY *tmp = pkey; 4583 4584 /* Convert to a legacy key */ 4585 pkey = EVP_PKEY_new(); 4586 if (!TEST_ptr(pkey)) { 4587 pkey = tmp; 4588 goto err; 4589 } 4590 if (!TEST_true(evp_pkey_copy_downgraded(&pkey, tmp))) { 4591 EVP_PKEY_free(tmp); 4592 goto err; 4593 } 4594 EVP_PKEY_free(tmp); 4595 if (!TEST_true(evp_pkey_is_legacy(pkey))) 4596 goto err; 4597 } 4598 4599 if (!TEST_ptr(orig_pmeth = EVP_PKEY_meth_find(id)) 4600 || !TEST_ptr(pkey)) 4601 goto err; 4602 4603 EVP_PKEY_meth_get0_info(&orig_id, &orig_flags, orig_pmeth); 4604 if (!TEST_int_eq(orig_id, id) 4605 || !TEST_ptr(custom_pmeth = EVP_PKEY_meth_new(id, orig_flags))) 4606 goto err; 4607 4608 if (id == EVP_PKEY_ED25519) { 4609 EVP_PKEY_meth_set_digestsign(custom_pmeth, custom_pmeth_digestsign); 4610 } if (id == EVP_PKEY_DH || id == EVP_PKEY_X25519) { 4611 EVP_PKEY_meth_set_derive(custom_pmeth, NULL, custom_pmeth_derive); 4612 } else { 4613 EVP_PKEY_meth_set_sign(custom_pmeth, NULL, custom_pmeth_sign); 4614 } 4615 if (id != EVP_PKEY_ED25519 && id != EVP_PKEY_X25519) { 4616 EVP_PKEY_meth_set_init(custom_pmeth, custom_pmeth_init); 4617 EVP_PKEY_meth_set_cleanup(custom_pmeth, custom_pmeth_cleanup); 4618 EVP_PKEY_meth_set_copy(custom_pmeth, custom_pmeth_copy); 4619 } 4620 EVP_PKEY_meth_set_ctrl(custom_pmeth, custom_pmeth_ctrl, NULL); 4621 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth))) 4622 goto err; 4623 4624 if (doderive) { 4625 pctx = EVP_PKEY_CTX_new(pkey, NULL); 4626 if (!TEST_ptr(pctx) 4627 || !TEST_int_eq(EVP_PKEY_derive_init(pctx), 1) 4628 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 4629 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 4630 1) 4631 || !TEST_int_eq(ctrl_called, 1) 4632 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx, pkey), 1) 4633 || !TEST_int_ge(EVP_PKEY_derive(pctx, NULL, &reslen), 1) 4634 || !TEST_ptr(res = OPENSSL_malloc(reslen)) 4635 || !TEST_int_ge(EVP_PKEY_derive(pctx, res, &reslen), 1)) 4636 goto err; 4637 } else { 4638 ctx = EVP_MD_CTX_new(); 4639 reslen = EVP_PKEY_size(pkey); 4640 res = OPENSSL_malloc(reslen); 4641 if (!TEST_ptr(ctx) 4642 || !TEST_ptr(res) 4643 || !TEST_true(EVP_DigestSignInit(ctx, &pctx, md, NULL, pkey)) 4644 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx, -1, -1, 4645 EVP_PKEY_CTRL_MY_COMMAND, 0, NULL), 4646 1) 4647 || !TEST_int_eq(ctrl_called, 1)) 4648 goto err; 4649 4650 if (id == EVP_PKEY_ED25519) { 4651 if (!TEST_true(EVP_DigestSign(ctx, res, &reslen, msg, sizeof(msg)))) 4652 goto err; 4653 } else { 4654 if (!TEST_true(EVP_DigestUpdate(ctx, msg, sizeof(msg))) 4655 || !TEST_true(EVP_DigestSignFinal(ctx, res, &reslen))) 4656 goto err; 4657 } 4658 } 4659 4660 testresult = 1; 4661 err: 4662 OPENSSL_free(res); 4663 EVP_MD_CTX_free(ctx); 4664 if (doderive) 4665 EVP_PKEY_CTX_free(pctx); 4666 EVP_PKEY_free(pkey); 4667 EVP_PKEY_meth_remove(custom_pmeth); 4668 EVP_PKEY_meth_free(custom_pmeth); 4669 custom_pmeth = NULL; 4670 return testresult; 4671 } 4672 4673 static int test_evp_md_cipher_meth(void) 4674 { 4675 EVP_MD *md = EVP_MD_meth_dup(EVP_sha256()); 4676 EVP_CIPHER *ciph = EVP_CIPHER_meth_dup(EVP_aes_128_cbc()); 4677 int testresult = 0; 4678 4679 if (!TEST_ptr(md) || !TEST_ptr(ciph)) 4680 goto err; 4681 4682 testresult = 1; 4683 4684 err: 4685 EVP_MD_meth_free(md); 4686 EVP_CIPHER_meth_free(ciph); 4687 4688 return testresult; 4689 } 4690 4691 typedef struct { 4692 int data; 4693 } custom_dgst_ctx; 4694 4695 static int custom_md_init_called = 0; 4696 static int custom_md_cleanup_called = 0; 4697 4698 static int custom_md_init(EVP_MD_CTX *ctx) 4699 { 4700 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 4701 4702 if (p == NULL) 4703 return 0; 4704 4705 custom_md_init_called++; 4706 return 1; 4707 } 4708 4709 static int custom_md_cleanup(EVP_MD_CTX *ctx) 4710 { 4711 custom_dgst_ctx *p = EVP_MD_CTX_md_data(ctx); 4712 4713 if (p == NULL) 4714 /* Nothing to do */ 4715 return 1; 4716 4717 custom_md_cleanup_called++; 4718 return 1; 4719 } 4720 4721 static int test_custom_md_meth(void) 4722 { 4723 EVP_MD_CTX *mdctx = NULL; 4724 EVP_MD *tmp = NULL; 4725 char mess[] = "Test Message\n"; 4726 unsigned char md_value[EVP_MAX_MD_SIZE]; 4727 unsigned int md_len; 4728 int testresult = 0; 4729 int nid; 4730 4731 /* 4732 * We are testing deprecated functions. We don't support a non-default 4733 * library context in this test. 4734 */ 4735 if (testctx != NULL) 4736 return TEST_skip("Non-default libctx"); 4737 4738 custom_md_init_called = custom_md_cleanup_called = 0; 4739 4740 nid = OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md"); 4741 if (!TEST_int_ne(nid, NID_undef)) 4742 goto err; 4743 tmp = EVP_MD_meth_new(nid, NID_undef); 4744 if (!TEST_ptr(tmp)) 4745 goto err; 4746 4747 if (!TEST_true(EVP_MD_meth_set_init(tmp, custom_md_init)) 4748 || !TEST_true(EVP_MD_meth_set_cleanup(tmp, custom_md_cleanup)) 4749 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp, 4750 sizeof(custom_dgst_ctx)))) 4751 goto err; 4752 4753 mdctx = EVP_MD_CTX_new(); 4754 if (!TEST_ptr(mdctx) 4755 /* 4756 * Initing our custom md and then initing another md should 4757 * result in the init and cleanup functions of the custom md 4758 * being called. 4759 */ 4760 || !TEST_true(EVP_DigestInit_ex(mdctx, tmp, NULL)) 4761 || !TEST_true(EVP_DigestInit_ex(mdctx, EVP_sha256(), NULL)) 4762 || !TEST_true(EVP_DigestUpdate(mdctx, mess, strlen(mess))) 4763 || !TEST_true(EVP_DigestFinal_ex(mdctx, md_value, &md_len)) 4764 || !TEST_int_eq(custom_md_init_called, 1) 4765 || !TEST_int_eq(custom_md_cleanup_called, 1)) 4766 goto err; 4767 4768 testresult = 1; 4769 err: 4770 EVP_MD_CTX_free(mdctx); 4771 EVP_MD_meth_free(tmp); 4772 return testresult; 4773 } 4774 4775 typedef struct { 4776 int data; 4777 } custom_ciph_ctx; 4778 4779 static int custom_ciph_init_called = 0; 4780 static int custom_ciph_cleanup_called = 0; 4781 4782 static int custom_ciph_init(EVP_CIPHER_CTX *ctx, const unsigned char *key, 4783 const unsigned char *iv, int enc) 4784 { 4785 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 4786 4787 if (p == NULL) 4788 return 0; 4789 4790 custom_ciph_init_called++; 4791 return 1; 4792 } 4793 4794 static int custom_ciph_cleanup(EVP_CIPHER_CTX *ctx) 4795 { 4796 custom_ciph_ctx *p = EVP_CIPHER_CTX_get_cipher_data(ctx); 4797 4798 if (p == NULL) 4799 /* Nothing to do */ 4800 return 1; 4801 4802 custom_ciph_cleanup_called++; 4803 return 1; 4804 } 4805 4806 static int test_custom_ciph_meth(void) 4807 { 4808 EVP_CIPHER_CTX *ciphctx = NULL; 4809 EVP_CIPHER *tmp = NULL; 4810 int testresult = 0; 4811 int nid; 4812 4813 /* 4814 * We are testing deprecated functions. We don't support a non-default 4815 * library context in this test. 4816 */ 4817 if (testctx != NULL) 4818 return TEST_skip("Non-default libctx"); 4819 4820 custom_ciph_init_called = custom_ciph_cleanup_called = 0; 4821 4822 nid = OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph"); 4823 if (!TEST_int_ne(nid, NID_undef)) 4824 goto err; 4825 tmp = EVP_CIPHER_meth_new(nid, 16, 16); 4826 if (!TEST_ptr(tmp)) 4827 goto err; 4828 4829 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp, custom_ciph_init)) 4830 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp, EVP_CIPH_ALWAYS_CALL_INIT)) 4831 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp, custom_ciph_cleanup)) 4832 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp, 4833 sizeof(custom_ciph_ctx)))) 4834 goto err; 4835 4836 ciphctx = EVP_CIPHER_CTX_new(); 4837 if (!TEST_ptr(ciphctx) 4838 /* 4839 * Initing our custom cipher and then initing another cipher 4840 * should result in the init and cleanup functions of the custom 4841 * cipher being called. 4842 */ 4843 || !TEST_true(EVP_CipherInit_ex(ciphctx, tmp, NULL, NULL, NULL, 1)) 4844 || !TEST_true(EVP_CipherInit_ex(ciphctx, EVP_aes_128_cbc(), NULL, 4845 NULL, NULL, 1)) 4846 || !TEST_int_eq(custom_ciph_init_called, 1) 4847 || !TEST_int_eq(custom_ciph_cleanup_called, 1)) 4848 goto err; 4849 4850 testresult = 1; 4851 err: 4852 EVP_CIPHER_CTX_free(ciphctx); 4853 EVP_CIPHER_meth_free(tmp); 4854 return testresult; 4855 } 4856 4857 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 4858 /* Test we can create a signature keys with an associated ENGINE */ 4859 static int test_signatures_with_engine(int tst) 4860 { 4861 ENGINE *e; 4862 const char *engine_id = "dasync"; 4863 EVP_PKEY *pkey = NULL; 4864 const unsigned char badcmackey[] = { 0x00, 0x01 }; 4865 const unsigned char cmackey[] = { 4866 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4867 0x0c, 0x0d, 0x0e, 0x0f 4868 }; 4869 const unsigned char ed25519key[] = { 4870 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4871 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 4872 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f 4873 }; 4874 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 4875 int testresult = 0; 4876 EVP_MD_CTX *ctx = NULL; 4877 unsigned char *mac = NULL; 4878 size_t maclen = 0; 4879 int ret; 4880 4881 # ifdef OPENSSL_NO_CMAC 4882 /* Skip CMAC tests in a no-cmac build */ 4883 if (tst <= 1) 4884 return 1; 4885 # endif 4886 4887 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 4888 return 0; 4889 4890 if (!TEST_true(ENGINE_init(e))) { 4891 ENGINE_free(e); 4892 return 0; 4893 } 4894 4895 switch (tst) { 4896 case 0: 4897 pkey = EVP_PKEY_new_CMAC_key(e, cmackey, sizeof(cmackey), 4898 EVP_aes_128_cbc()); 4899 break; 4900 case 1: 4901 pkey = EVP_PKEY_new_CMAC_key(e, badcmackey, sizeof(badcmackey), 4902 EVP_aes_128_cbc()); 4903 break; 4904 case 2: 4905 pkey = EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519, e, ed25519key, 4906 sizeof(ed25519key)); 4907 break; 4908 default: 4909 TEST_error("Invalid test case"); 4910 goto err; 4911 } 4912 if (!TEST_ptr(pkey)) 4913 goto err; 4914 4915 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 4916 goto err; 4917 4918 ret = EVP_DigestSignInit(ctx, NULL, tst == 2 ? NULL : EVP_sha256(), NULL, 4919 pkey); 4920 if (tst == 0) { 4921 if (!TEST_true(ret)) 4922 goto err; 4923 4924 if (!TEST_true(EVP_DigestSignUpdate(ctx, msg, sizeof(msg))) 4925 || !TEST_true(EVP_DigestSignFinal(ctx, NULL, &maclen))) 4926 goto err; 4927 4928 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 4929 goto err; 4930 4931 if (!TEST_true(EVP_DigestSignFinal(ctx, mac, &maclen))) 4932 goto err; 4933 } else { 4934 /* We used a bad key. We expect a failure here */ 4935 if (!TEST_false(ret)) 4936 goto err; 4937 } 4938 4939 testresult = 1; 4940 err: 4941 EVP_MD_CTX_free(ctx); 4942 OPENSSL_free(mac); 4943 EVP_PKEY_free(pkey); 4944 ENGINE_finish(e); 4945 ENGINE_free(e); 4946 4947 return testresult; 4948 } 4949 4950 static int test_cipher_with_engine(void) 4951 { 4952 ENGINE *e; 4953 const char *engine_id = "dasync"; 4954 const unsigned char keyiv[] = { 4955 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 4956 0x0c, 0x0d, 0x0e, 0x0f 4957 }; 4958 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 4959 int testresult = 0; 4960 EVP_CIPHER_CTX *ctx = NULL, *ctx2 = NULL; 4961 unsigned char buf[AES_BLOCK_SIZE]; 4962 int len = 0; 4963 4964 if (!TEST_ptr(e = ENGINE_by_id(engine_id))) 4965 return 0; 4966 4967 if (!TEST_true(ENGINE_init(e))) { 4968 ENGINE_free(e); 4969 return 0; 4970 } 4971 4972 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 4973 || !TEST_ptr(ctx2 = EVP_CIPHER_CTX_new())) 4974 goto err; 4975 4976 if (!TEST_true(EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), e, keyiv, keyiv))) 4977 goto err; 4978 4979 /* Copy the ctx, and complete the operation with the new ctx */ 4980 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2, ctx))) 4981 goto err; 4982 4983 if (!TEST_true(EVP_EncryptUpdate(ctx2, buf, &len, msg, sizeof(msg))) 4984 || !TEST_true(EVP_EncryptFinal_ex(ctx2, buf + len, &len))) 4985 goto err; 4986 4987 testresult = 1; 4988 err: 4989 EVP_CIPHER_CTX_free(ctx); 4990 EVP_CIPHER_CTX_free(ctx2); 4991 ENGINE_finish(e); 4992 ENGINE_free(e); 4993 4994 return testresult; 4995 } 4996 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */ 4997 #endif /* OPENSSL_NO_DEPRECATED_3_0 */ 4998 4999 static int ecxnids[] = { 5000 NID_X25519, 5001 NID_X448, 5002 NID_ED25519, 5003 NID_ED448 5004 }; 5005 5006 /* Test that creating ECX keys with a short private key fails as expected */ 5007 static int test_ecx_short_keys(int tst) 5008 { 5009 unsigned char ecxkeydata = 1; 5010 EVP_PKEY *pkey; 5011 5012 5013 pkey = EVP_PKEY_new_raw_private_key_ex(testctx, OBJ_nid2sn(ecxnids[tst]), 5014 NULL, &ecxkeydata, 1); 5015 if (!TEST_ptr_null(pkey)) { 5016 EVP_PKEY_free(pkey); 5017 return 0; 5018 } 5019 5020 return 1; 5021 } 5022 5023 typedef enum OPTION_choice { 5024 OPT_ERR = -1, 5025 OPT_EOF = 0, 5026 OPT_CONTEXT, 5027 OPT_TEST_ENUM 5028 } OPTION_CHOICE; 5029 5030 const OPTIONS *test_get_options(void) 5031 { 5032 static const OPTIONS options[] = { 5033 OPT_TEST_OPTIONS_DEFAULT_USAGE, 5034 { "context", OPT_CONTEXT, '-', "Explicitly use a non-default library context" }, 5035 { NULL } 5036 }; 5037 return options; 5038 } 5039 5040 #ifndef OPENSSL_NO_EC 5041 /* Test that trying to sign with a public key errors out gracefully */ 5042 static int test_ecx_not_private_key(int tst) 5043 { 5044 EVP_PKEY *pkey = NULL; 5045 5046 const unsigned char msg[] = { 0x00, 0x01, 0x02, 0x03 }; 5047 int testresult = 0; 5048 EVP_MD_CTX *ctx = NULL; 5049 unsigned char *mac = NULL; 5050 size_t maclen = 0; 5051 unsigned char *pubkey; 5052 size_t pubkeylen; 5053 5054 switch (keys[tst].type) { 5055 case NID_X25519: 5056 case NID_X448: 5057 return TEST_skip("signing not supported for X25519/X448"); 5058 } 5059 5060 /* Check if this algorithm supports public keys */ 5061 if (keys[tst].pub == NULL) 5062 return TEST_skip("no public key present"); 5063 5064 pubkey = (unsigned char *)keys[tst].pub; 5065 pubkeylen = strlen(keys[tst].pub); 5066 5067 pkey = EVP_PKEY_new_raw_public_key_ex(testctx, OBJ_nid2sn(keys[tst].type), 5068 NULL, pubkey, pubkeylen); 5069 if (!TEST_ptr(pkey)) 5070 goto err; 5071 5072 if (!TEST_ptr(ctx = EVP_MD_CTX_new())) 5073 goto err; 5074 5075 if (EVP_DigestSignInit(ctx, NULL, NULL, NULL, pkey) != 1) 5076 goto check_err; 5077 5078 if (EVP_DigestSign(ctx, NULL, &maclen, msg, sizeof(msg)) != 1) 5079 goto check_err; 5080 5081 if (!TEST_ptr(mac = OPENSSL_malloc(maclen))) 5082 goto err; 5083 5084 if (!TEST_int_eq(EVP_DigestSign(ctx, mac, &maclen, msg, sizeof(msg)), 0)) 5085 goto err; 5086 5087 check_err: 5088 /* 5089 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY, 5090 * but we relax the check to allow error also thrown by 5091 * EVP_DigestSignInit and EVP_DigestSign. 5092 */ 5093 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY) { 5094 testresult = 1; 5095 ERR_clear_error(); 5096 } 5097 5098 err: 5099 EVP_MD_CTX_free(ctx); 5100 OPENSSL_free(mac); 5101 EVP_PKEY_free(pkey); 5102 5103 return testresult; 5104 } 5105 #endif /* OPENSSL_NO_EC */ 5106 5107 static int aes_gcm_encrypt(const unsigned char *gcm_key, size_t gcm_key_s, 5108 const unsigned char *gcm_iv, size_t gcm_ivlen, 5109 const unsigned char *gcm_pt, size_t gcm_pt_s, 5110 const unsigned char *gcm_aad, size_t gcm_aad_s, 5111 const unsigned char *gcm_ct, size_t gcm_ct_s, 5112 const unsigned char *gcm_tag, size_t gcm_tag_s) 5113 { 5114 int ret = 0; 5115 EVP_CIPHER_CTX *ctx; 5116 EVP_CIPHER *cipher = NULL; 5117 int outlen, tmplen; 5118 unsigned char outbuf[1024]; 5119 unsigned char outtag[16]; 5120 OSSL_PARAM params[2] = { 5121 OSSL_PARAM_END, OSSL_PARAM_END 5122 }; 5123 5124 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 5125 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", ""))) 5126 goto err; 5127 5128 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5129 &gcm_ivlen); 5130 5131 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 5132 || (gcm_aad != NULL 5133 && !TEST_true(EVP_EncryptUpdate(ctx, NULL, &outlen, 5134 gcm_aad, gcm_aad_s))) 5135 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 5136 gcm_pt, gcm_pt_s)) 5137 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 5138 goto err; 5139 5140 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 5141 outtag, sizeof(outtag)); 5142 5143 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx, params)) 5144 || !TEST_mem_eq(outbuf, outlen, gcm_ct, gcm_ct_s) 5145 || !TEST_mem_eq(outtag, gcm_tag_s, gcm_tag, gcm_tag_s)) 5146 goto err; 5147 5148 ret = 1; 5149 err: 5150 EVP_CIPHER_free(cipher); 5151 EVP_CIPHER_CTX_free(ctx); 5152 5153 return ret; 5154 } 5155 5156 static int aes_gcm_decrypt(const unsigned char *gcm_key, size_t gcm_key_s, 5157 const unsigned char *gcm_iv, size_t gcm_ivlen, 5158 const unsigned char *gcm_pt, size_t gcm_pt_s, 5159 const unsigned char *gcm_aad, size_t gcm_aad_s, 5160 const unsigned char *gcm_ct, size_t gcm_ct_s, 5161 const unsigned char *gcm_tag, size_t gcm_tag_s) 5162 { 5163 int ret = 0; 5164 EVP_CIPHER_CTX *ctx; 5165 EVP_CIPHER *cipher = NULL; 5166 int outlen; 5167 unsigned char outbuf[1024]; 5168 OSSL_PARAM params[2] = { 5169 OSSL_PARAM_END, OSSL_PARAM_END 5170 }; 5171 5172 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 5173 goto err; 5174 5175 if ((cipher = EVP_CIPHER_fetch(testctx, "AES-256-GCM", "")) == NULL) 5176 goto err; 5177 5178 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN, 5179 &gcm_ivlen); 5180 5181 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, gcm_key, gcm_iv, params)) 5182 || (gcm_aad != NULL 5183 && !TEST_true(EVP_DecryptUpdate(ctx, NULL, &outlen, 5184 gcm_aad, gcm_aad_s))) 5185 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 5186 gcm_ct, gcm_ct_s)) 5187 || !TEST_mem_eq(outbuf, outlen, gcm_pt, gcm_pt_s)) 5188 goto err; 5189 5190 params[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG, 5191 (void*)gcm_tag, gcm_tag_s); 5192 5193 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx, params)) 5194 ||!TEST_true(EVP_DecryptFinal_ex(ctx, outbuf, &outlen))) 5195 goto err; 5196 5197 ret = 1; 5198 err: 5199 EVP_CIPHER_free(cipher); 5200 EVP_CIPHER_CTX_free(ctx); 5201 5202 return ret; 5203 } 5204 5205 static int test_aes_gcm_ivlen_change_cve_2023_5363(void) 5206 { 5207 /* AES-GCM test data obtained from NIST public test vectors */ 5208 static const unsigned char gcm_key[] = { 5209 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf, 5210 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84, 5211 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b, 5212 }; 5213 static const unsigned char gcm_iv[] = { 5214 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8, 5215 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca, 5216 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14, 5217 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09, 5218 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8, 5219 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24, 5220 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0, 5221 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54, 5222 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc, 5223 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b, 5224 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d, 5225 }; 5226 static const unsigned char gcm_pt[] = { 5227 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07, 5228 0x4f, 0xe3, 0x6f, 0x81, 5229 }; 5230 static const unsigned char gcm_ct[] = { 5231 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3, 5232 0xe2, 0xd0, 0xec, 0xed, 5233 }; 5234 static const unsigned char gcm_tag[] = { 5235 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63, 5236 0xdb, 0x99, 0x6c, 0x21, 5237 }; 5238 5239 return aes_gcm_encrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 5240 gcm_pt, sizeof(gcm_pt), NULL, 0, 5241 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)) 5242 && aes_gcm_decrypt(gcm_key, sizeof(gcm_key), gcm_iv, sizeof(gcm_iv), 5243 gcm_pt, sizeof(gcm_pt), NULL, 0, 5244 gcm_ct, sizeof(gcm_ct), gcm_tag, sizeof(gcm_tag)); 5245 } 5246 5247 #ifndef OPENSSL_NO_RC4 5248 static int rc4_encrypt(const unsigned char *rc4_key, size_t rc4_key_s, 5249 const unsigned char *rc4_pt, size_t rc4_pt_s, 5250 const unsigned char *rc4_ct, size_t rc4_ct_s) 5251 { 5252 int ret = 0; 5253 EVP_CIPHER_CTX *ctx; 5254 EVP_CIPHER *cipher = NULL; 5255 int outlen, tmplen; 5256 unsigned char outbuf[1024]; 5257 OSSL_PARAM params[2] = { 5258 OSSL_PARAM_END, OSSL_PARAM_END 5259 }; 5260 5261 if (!TEST_ptr(ctx = EVP_CIPHER_CTX_new()) 5262 || !TEST_ptr(cipher = EVP_CIPHER_fetch(testctx, "RC4", ""))) 5263 goto err; 5264 5265 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5266 &rc4_key_s); 5267 5268 if (!TEST_true(EVP_EncryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 5269 || !TEST_true(EVP_EncryptUpdate(ctx, outbuf, &outlen, 5270 rc4_pt, rc4_pt_s)) 5271 || !TEST_true(EVP_EncryptFinal_ex(ctx, outbuf, &tmplen))) 5272 goto err; 5273 5274 if (!TEST_mem_eq(outbuf, outlen, rc4_ct, rc4_ct_s)) 5275 goto err; 5276 5277 ret = 1; 5278 err: 5279 EVP_CIPHER_free(cipher); 5280 EVP_CIPHER_CTX_free(ctx); 5281 5282 return ret; 5283 } 5284 5285 static int rc4_decrypt(const unsigned char *rc4_key, size_t rc4_key_s, 5286 const unsigned char *rc4_pt, size_t rc4_pt_s, 5287 const unsigned char *rc4_ct, size_t rc4_ct_s) 5288 { 5289 int ret = 0; 5290 EVP_CIPHER_CTX *ctx; 5291 EVP_CIPHER *cipher = NULL; 5292 int outlen; 5293 unsigned char outbuf[1024]; 5294 OSSL_PARAM params[2] = { 5295 OSSL_PARAM_END, OSSL_PARAM_END 5296 }; 5297 5298 if ((ctx = EVP_CIPHER_CTX_new()) == NULL) 5299 goto err; 5300 5301 if ((cipher = EVP_CIPHER_fetch(testctx, "RC4", "")) == NULL) 5302 goto err; 5303 5304 params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, 5305 &rc4_key_s); 5306 5307 if (!TEST_true(EVP_DecryptInit_ex2(ctx, cipher, rc4_key, NULL, params)) 5308 || !TEST_true(EVP_DecryptUpdate(ctx, outbuf, &outlen, 5309 rc4_ct, rc4_ct_s)) 5310 || !TEST_mem_eq(outbuf, outlen, rc4_pt, rc4_pt_s)) 5311 goto err; 5312 5313 ret = 1; 5314 err: 5315 EVP_CIPHER_free(cipher); 5316 EVP_CIPHER_CTX_free(ctx); 5317 5318 return ret; 5319 } 5320 5321 static int test_aes_rc4_keylen_change_cve_2023_5363(void) 5322 { 5323 /* RC4 test data obtained from RFC 6229 */ 5324 static const struct { 5325 unsigned char key[5]; 5326 unsigned char padding[11]; 5327 } rc4_key = { 5328 { /* Five bytes of key material */ 5329 0x83, 0x32, 0x22, 0x77, 0x2a, 5330 }, 5331 { /* Random padding to 16 bytes */ 5332 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91 5333 } 5334 }; 5335 static const unsigned char rc4_pt[] = { 5336 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 5337 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 5338 }; 5339 static const unsigned char rc4_ct[] = { 5340 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 5341 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda 5342 }; 5343 5344 if (lgcyprov == NULL) 5345 return TEST_skip("Test requires legacy provider to be loaded"); 5346 5347 return rc4_encrypt(rc4_key.key, sizeof(rc4_key.key), 5348 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)) 5349 && rc4_decrypt(rc4_key.key, sizeof(rc4_key.key), 5350 rc4_pt, sizeof(rc4_pt), rc4_ct, sizeof(rc4_ct)); 5351 } 5352 #endif 5353 5354 static int test_invalid_ctx_for_digest(void) 5355 { 5356 int ret; 5357 EVP_MD_CTX *mdctx; 5358 5359 mdctx = EVP_MD_CTX_new(); 5360 if (!TEST_ptr(mdctx)) 5361 return 0; 5362 5363 if (!TEST_int_eq(EVP_DigestUpdate(mdctx, "test", sizeof("test") - 1), 0)) 5364 ret = 0; 5365 else 5366 ret = 1; 5367 5368 EVP_MD_CTX_free(mdctx); 5369 5370 return ret; 5371 } 5372 5373 int setup_tests(void) 5374 { 5375 OPTION_CHOICE o; 5376 5377 while ((o = opt_next()) != OPT_EOF) { 5378 switch (o) { 5379 case OPT_CONTEXT: 5380 /* Set up an alternate library context */ 5381 testctx = OSSL_LIB_CTX_new(); 5382 if (!TEST_ptr(testctx)) 5383 return 0; 5384 #ifdef STATIC_LEGACY 5385 /* 5386 * This test is always statically linked against libcrypto. We must not 5387 * attempt to load legacy.so that might be dynamically linked against 5388 * libcrypto. Instead we use a built-in version of the legacy provider. 5389 */ 5390 if (!OSSL_PROVIDER_add_builtin(testctx, "legacy", ossl_legacy_provider_init)) 5391 return 0; 5392 #endif 5393 /* Swap the libctx to test non-default context only */ 5394 nullprov = OSSL_PROVIDER_load(NULL, "null"); 5395 deflprov = OSSL_PROVIDER_load(testctx, "default"); 5396 lgcyprov = OSSL_PROVIDER_load(testctx, "legacy"); 5397 break; 5398 case OPT_TEST_CASES: 5399 break; 5400 default: 5401 return 0; 5402 } 5403 } 5404 5405 ADD_TEST(test_EVP_set_default_properties); 5406 ADD_ALL_TESTS(test_EVP_DigestSignInit, 30); 5407 ADD_TEST(test_EVP_DigestVerifyInit); 5408 #ifndef OPENSSL_NO_SIPHASH 5409 ADD_TEST(test_siphash_digestsign); 5410 #endif 5411 ADD_TEST(test_EVP_Digest); 5412 ADD_TEST(test_EVP_md_null); 5413 ADD_ALL_TESTS(test_EVP_PKEY_sign, 3); 5414 #ifndef OPENSSL_NO_DEPRECATED_3_0 5415 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method, 2); 5416 #endif 5417 ADD_ALL_TESTS(test_EVP_Enveloped, 2); 5418 ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); 5419 ADD_TEST(test_privatekey_to_pkcs8); 5420 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag); 5421 #ifndef OPENSSL_NO_EC 5422 ADD_TEST(test_EVP_PKCS82PKEY); 5423 #endif 5424 #ifndef OPENSSL_NO_EC 5425 ADD_ALL_TESTS(test_EC_keygen_with_enc, OSSL_NELEM(ec_encodings)); 5426 #endif 5427 #if !defined(OPENSSL_NO_SM2) 5428 ADD_TEST(test_EVP_SM2); 5429 ADD_TEST(test_EVP_SM2_verify); 5430 #endif 5431 ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); 5432 #ifndef OPENSSL_NO_DEPRECATED_3_0 5433 custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); 5434 if (!TEST_ptr(custom_pmeth)) 5435 return 0; 5436 EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); 5437 EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); 5438 EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); 5439 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) 5440 return 0; 5441 #endif 5442 ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); 5443 #ifndef OPENSSL_NO_CMAC 5444 ADD_TEST(test_CMAC_keygen); 5445 #endif 5446 ADD_TEST(test_HKDF); 5447 ADD_TEST(test_emptyikm_HKDF); 5448 ADD_TEST(test_empty_salt_info_HKDF); 5449 #ifndef OPENSSL_NO_EC 5450 ADD_TEST(test_X509_PUBKEY_inplace); 5451 ADD_TEST(test_X509_PUBKEY_dup); 5452 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, 5453 OSSL_NELEM(ec_der_pub_keys)); 5454 #endif 5455 #ifndef OPENSSL_NO_DSA 5456 ADD_TEST(test_DSA_get_set_params); 5457 ADD_TEST(test_DSA_priv_pub); 5458 #endif 5459 ADD_TEST(test_RSA_get_set_params); 5460 ADD_TEST(test_RSA_OAEP_set_get_params); 5461 ADD_TEST(test_RSA_OAEP_set_null_label); 5462 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) 5463 ADD_TEST(test_decrypt_null_chunks); 5464 #endif 5465 #ifndef OPENSSL_NO_DH 5466 ADD_TEST(test_DH_priv_pub); 5467 # ifndef OPENSSL_NO_DEPRECATED_3_0 5468 ADD_TEST(test_EVP_PKEY_set1_DH); 5469 # endif 5470 #endif 5471 #ifndef OPENSSL_NO_EC 5472 ADD_TEST(test_EC_priv_pub); 5473 # ifndef OPENSSL_NO_DEPRECATED_3_0 5474 ADD_TEST(test_EC_priv_only_legacy); 5475 # endif 5476 #endif 5477 ADD_ALL_TESTS(test_keygen_with_empty_template, 2); 5478 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider, 2); 5479 5480 ADD_TEST(test_rand_agglomeration); 5481 ADD_ALL_TESTS(test_evp_iv_aes, 12); 5482 #ifndef OPENSSL_NO_DES 5483 ADD_ALL_TESTS(test_evp_iv_des, 6); 5484 #endif 5485 #ifndef OPENSSL_NO_BF 5486 ADD_ALL_TESTS(test_evp_bf_default_keylen, 4); 5487 #endif 5488 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits); 5489 ADD_TEST(test_EVP_rsa_pss_set_saltlen); 5490 #ifndef OPENSSL_NO_EC 5491 ADD_ALL_TESTS(test_ecpub, OSSL_NELEM(ecpub_nids)); 5492 #endif 5493 5494 ADD_TEST(test_names_do_all); 5495 5496 ADD_ALL_TESTS(test_evp_init_seq, OSSL_NELEM(evp_init_tests)); 5497 ADD_ALL_TESTS(test_evp_reset, OSSL_NELEM(evp_reset_tests)); 5498 ADD_ALL_TESTS(test_evp_reinit_seq, OSSL_NELEM(evp_reinit_tests)); 5499 ADD_ALL_TESTS(test_gcm_reinit, OSSL_NELEM(gcm_reinit_tests)); 5500 ADD_ALL_TESTS(test_evp_updated_iv, OSSL_NELEM(evp_updated_iv_tests)); 5501 ADD_ALL_TESTS(test_ivlen_change, OSSL_NELEM(ivlen_change_ciphers)); 5502 if (OSSL_NELEM(keylen_change_ciphers) - 1 > 0) 5503 ADD_ALL_TESTS(test_keylen_change, OSSL_NELEM(keylen_change_ciphers) - 1); 5504 5505 #ifndef OPENSSL_NO_DEPRECATED_3_0 5506 ADD_ALL_TESTS(test_custom_pmeth, 12); 5507 ADD_TEST(test_evp_md_cipher_meth); 5508 ADD_TEST(test_custom_md_meth); 5509 ADD_TEST(test_custom_ciph_meth); 5510 5511 # ifndef OPENSSL_NO_DYNAMIC_ENGINE 5512 /* Tests only support the default libctx */ 5513 if (testctx == NULL) { 5514 # ifndef OPENSSL_NO_EC 5515 ADD_ALL_TESTS(test_signatures_with_engine, 3); 5516 # else 5517 ADD_ALL_TESTS(test_signatures_with_engine, 2); 5518 # endif 5519 ADD_TEST(test_cipher_with_engine); 5520 } 5521 # endif 5522 #endif 5523 5524 ADD_ALL_TESTS(test_ecx_short_keys, OSSL_NELEM(ecxnids)); 5525 5526 #ifndef OPENSSL_NO_EC 5527 ADD_ALL_TESTS(test_ecx_not_private_key, OSSL_NELEM(keys)); 5528 #endif 5529 5530 /* Test cases for CVE-2023-5363 */ 5531 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363); 5532 #ifndef OPENSSL_NO_RC4 5533 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363); 5534 #endif 5535 5536 ADD_TEST(test_invalid_ctx_for_digest); 5537 5538 return 1; 5539 } 5540 5541 void cleanup_tests(void) 5542 { 5543 OSSL_PROVIDER_unload(nullprov); 5544 OSSL_PROVIDER_unload(deflprov); 5545 OSSL_PROVIDER_unload(lgcyprov); 5546 OSSL_LIB_CTX_free(testctx); 5547 } 5548