X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=test%2Fevp_extra_test.c;h=e7409619fdb212b9ba816f42128322afe84a9eaf;hp=50c9e918f2fcb36b2013653b0d58ae7a2a2095e2;hb=c9c4a356b778d042fee3d86f7178012ec0077205;hpb=6e59a892db781658c050e5217127c4147c116ac9 diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 50c9e918f2..e7409619fd 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1,79 +1,30 @@ -/* Copyright (c) 2014, Google Inc. - * - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -/* ==================================================================== - * Copyright (c) 1998-2015 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * openssl-core@openssl.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.openssl.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). +/* + * Copyright 2015-2018 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the Apache License 2.0 (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include #include +#include #include +#include #include #include #include #include #include +#include +#include +#include +#include +#include +#include "testutil.h" +#include "internal/nelem.h" +#include "crypto/evp.h" /* * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you @@ -133,6 +84,147 @@ static const unsigned char kExampleRSAKeyDER[] = { 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf, }; +/* +* kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you + * should never use this key anywhere but in an example. + */ +static const unsigned char kExampleDSAKeyDER[] = { + 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a, + 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d, + 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f, + 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42, + 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38, + 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e, + 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e, + 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04, + 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4, + 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b, + 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14, + 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e, + 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3, + 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef, + 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f, + 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef, + 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38, + 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f, + 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4, + 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d, + 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86, + 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6, + 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a, + 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19, + 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff, + 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f, + 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0, + 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69, + 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07, + 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9, + 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79, + 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f, + 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c, + 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12, + 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45, + 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8, + 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe, + 0x40, 0x48 +}; + +/* + * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private + * components are not correct. + */ +static const unsigned char kExampleBadRSAKeyDER[] = { + 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00, + 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef, + 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9, + 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4, + 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3, + 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05, + 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26, + 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0, + 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33, + 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66, + 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde, + 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa, + 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53, + 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c, + 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75, + 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7, + 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c, + 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a, + 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87, + 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd, + 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0, + 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18, + 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01, + 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5, + 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06, + 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0, + 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75, + 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1, + 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00, + 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd, + 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29, + 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5, + 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05, + 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e, + 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf, + 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d, + 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb, + 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5, + 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef, + 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9, + 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2, + 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7, + 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff, + 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99, + 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78, + 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb, + 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35, + 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46, + 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6, + 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f, + 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56, + 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d, + 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55, + 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20, + 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6, + 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81, + 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a, + 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e, + 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3, + 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1, + 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6, + 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77, + 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a, + 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d, + 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b, + 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a, + 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf, + 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28, + 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12, + 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd, + 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a, + 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5, + 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e, + 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b, + 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84, + 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e, + 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97, + 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81, + 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b, + 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6, + 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74, + 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e, + 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9, + 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98, + 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05, + 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef, + 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf, + 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69, + 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce, +}; + static const unsigned char kMsg[] = { 1, 2, 3, 4 }; static const unsigned char kSignature[] = { @@ -243,7 +335,68 @@ static const unsigned char kExampleBadECKeyDER[] = { 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51 }; + +/* prime256v1 */ +static const unsigned char kExampleECPubKeyDER[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, + 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, + 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, + 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, + 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, + 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 +}; + +/* + * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID + * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key + */ +static const unsigned char kExampleBadECPubKeyDER[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53, + 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8, + 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7, + 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b, + 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20, + 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5 +}; + +static const unsigned char pExampleECParamDER[] = { + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 +}; +#endif + +typedef struct APK_DATA_st { + const unsigned char *kder; + size_t size; + int evptype; + int check; + int pub_check; + int param_check; + int type; /* 0 for private, 1 for public, 2 for params */ +} APK_DATA; + +static APK_DATA keydata[] = { + {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA}, + {kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA}, +#ifndef OPENSSL_NO_EC + {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC} +#endif +}; + +static APK_DATA keycheckdata[] = { + {kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), EVP_PKEY_RSA, 1, -2, -2, 0}, + {kExampleBadRSAKeyDER, sizeof(kExampleBadRSAKeyDER), EVP_PKEY_RSA, + 0, -2, -2, 0}, +#ifndef OPENSSL_NO_EC + {kExampleECKeyDER, sizeof(kExampleECKeyDER), EVP_PKEY_EC, 1, 1, 1, 0}, + /* group is also associated in our pub key */ + {kExampleECPubKeyDER, sizeof(kExampleECPubKeyDER), EVP_PKEY_EC, 0, 1, 1, 1}, + {pExampleECParamDER, sizeof(pExampleECParamDER), EVP_PKEY_EC, 0, 0, 1, 2} #endif +}; static EVP_PKEY *load_example_rsa_key(void) { @@ -252,75 +405,179 @@ static EVP_PKEY *load_example_rsa_key(void) EVP_PKEY *pkey = NULL; RSA *rsa = NULL; - if (!d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER))) { + if (!TEST_true(d2i_RSAPrivateKey(&rsa, &derp, sizeof(kExampleRSAKeyDER)))) return NULL; - } - pkey = EVP_PKEY_new(); - if (pkey == NULL || !EVP_PKEY_set1_RSA(pkey, rsa)) { - goto out; - } + if (!TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_true(EVP_PKEY_set1_RSA(pkey, rsa))) + goto end; ret = pkey; pkey = NULL; - out: +end: EVP_PKEY_free(pkey); RSA_free(rsa); return ret; } -static int test_EVP_DigestSignInit(void) +static EVP_PKEY *load_example_dsa_key(void) +{ + EVP_PKEY *ret = NULL; + const unsigned char *derp = kExampleDSAKeyDER; + EVP_PKEY *pkey = NULL; + DSA *dsa = NULL; + + if (!TEST_true(d2i_DSAPrivateKey(&dsa, &derp, sizeof(kExampleDSAKeyDER)))) + return NULL; + + if (!TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_true(EVP_PKEY_set1_DSA(pkey, dsa))) + goto end; + + ret = pkey; + pkey = NULL; + +end: + EVP_PKEY_free(pkey); + DSA_free(dsa); + + return ret; +} + + +static int test_EVP_Enveloped(void) +{ + int ret = 0; + EVP_CIPHER_CTX *ctx = NULL; + EVP_PKEY *keypair = NULL; + unsigned char *kek = NULL; + unsigned char iv[EVP_MAX_IV_LENGTH]; + static const unsigned char msg[] = { 1, 2, 3, 4, 5, 6, 7, 8 }; + int len, kek_len, ciphertext_len, plaintext_len; + unsigned char ciphertext[32], plaintext[16]; + const EVP_CIPHER *type = EVP_aes_256_cbc(); + + if (!TEST_ptr(keypair = load_example_rsa_key()) + || !TEST_ptr(kek = OPENSSL_zalloc(EVP_PKEY_size(keypair))) + || !TEST_ptr(ctx = EVP_CIPHER_CTX_new()) + || !TEST_true(EVP_SealInit(ctx, type, &kek, &kek_len, iv, + &keypair, 1)) + || !TEST_true(EVP_SealUpdate(ctx, ciphertext, &ciphertext_len, + msg, sizeof(msg))) + || !TEST_true(EVP_SealFinal(ctx, ciphertext + ciphertext_len, + &len))) + goto err; + + ciphertext_len += len; + + if (!TEST_true(EVP_OpenInit(ctx, type, kek, kek_len, iv, keypair)) + || !TEST_true(EVP_OpenUpdate(ctx, plaintext, &plaintext_len, + ciphertext, ciphertext_len)) + || !TEST_true(EVP_OpenFinal(ctx, plaintext + plaintext_len, &len))) + goto err; + + plaintext_len += len; + if (!TEST_mem_eq(msg, sizeof(msg), plaintext, plaintext_len)) + goto err; + + ret = 1; +err: + OPENSSL_free(kek); + EVP_PKEY_free(keypair); + EVP_CIPHER_CTX_free(ctx); + return ret; +} + +/* + * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (RSA) + * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (DSA) + * Test 2: Use an MD BIO to do the Update calls instead (RSA) + * Test 3: Use an MD BIO to do the Update calls instead (DSA) + */ +static int test_EVP_DigestSignInit(int tst) { int ret = 0; EVP_PKEY *pkey = NULL; unsigned char *sig = NULL; size_t sig_len = 0; - EVP_MD_CTX *md_ctx, *md_ctx_verify; + EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL; + EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL; + BIO *mdbio = NULL, *membio = NULL; + size_t written; - md_ctx = EVP_MD_CTX_create(); - md_ctx_verify = EVP_MD_CTX_create(); - if (md_ctx == NULL || md_ctx_verify == NULL) - goto out; + if (tst >= 2) { + membio = BIO_new(BIO_s_mem()); + mdbio = BIO_new(BIO_f_md()); + if (!TEST_ptr(membio) || !TEST_ptr(mdbio)) + goto out; + BIO_push(mdbio, membio); + if (!TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx), 0)) + goto out; + } else { + if (!TEST_ptr(a_md_ctx = md_ctx = EVP_MD_CTX_new()) + || !TEST_ptr(a_md_ctx_verify = md_ctx_verify = EVP_MD_CTX_new())) + goto out; + } - pkey = load_example_rsa_key(); - if (pkey == NULL || - !EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))) { - goto out; + if (tst == 0 || tst == 2) { + if (!TEST_ptr(pkey = load_example_rsa_key())) + goto out; + } else { + if (!TEST_ptr(pkey = load_example_dsa_key())) + goto out; } - /* Determine the size of the signature. */ - if (!EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) { + + if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sha256(), NULL, pkey))) goto out; + + if (tst >= 2) { + if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) + goto out; + } else { + if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) + goto out; } - /* Sanity check for testing. */ - if (sig_len != (size_t)EVP_PKEY_size(pkey)) { - fprintf(stderr, "sig_len mismatch\n"); + + /* Determine the size of the signature. */ + if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len)) + || !TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) goto out; - } - sig = OPENSSL_malloc(sig_len); - if (sig == NULL || !EVP_DigestSignFinal(md_ctx, sig, &sig_len)) { + if (!TEST_ptr(sig = OPENSSL_malloc(sig_len)) + || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) goto out; + + if (tst >= 2) { + if (!TEST_int_gt(BIO_reset(mdbio), 0) + || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0)) + goto out; } /* Ensure that the signature round-trips. */ - if (!EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), NULL, pkey) - || !EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)) - || !EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len)) { + if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sha256(), + NULL, pkey))) goto out; + + if (tst >= 2) { + if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)) + goto out; + } else { + if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, + sizeof(kMsg)))) + goto out; } + if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) + goto out; ret = 1; out: - if (!ret) { - ERR_print_errors_fp(stderr); - } - - EVP_MD_CTX_destroy(md_ctx); - EVP_MD_CTX_destroy(md_ctx_verify); + BIO_free(membio); + BIO_free(mdbio); + EVP_MD_CTX_free(a_md_ctx); + EVP_MD_CTX_free(a_md_ctx_verify); EVP_PKEY_free(pkey); OPENSSL_free(sig); @@ -331,61 +588,109 @@ static int test_EVP_DigestVerifyInit(void) { int ret = 0; EVP_PKEY *pkey = NULL; - EVP_MD_CTX *md_ctx; + EVP_MD_CTX *md_ctx = NULL; - md_ctx = EVP_MD_CTX_create(); + if (!TEST_ptr(md_ctx = EVP_MD_CTX_new()) + || !TEST_ptr(pkey = load_example_rsa_key())) + goto out; - pkey = load_example_rsa_key(); - if (pkey == NULL || - !EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey) || - !EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg)) || - !EVP_DigestVerifyFinal(md_ctx, kSignature, sizeof(kSignature))) { + if (!TEST_true(EVP_DigestVerifyInit(md_ctx, NULL, EVP_sha256(), NULL, pkey)) + || !TEST_true(EVP_DigestVerifyUpdate(md_ctx, kMsg, sizeof(kMsg))) + || !TEST_true(EVP_DigestVerifyFinal(md_ctx, kSignature, + sizeof(kSignature)))) goto out; - } ret = 1; out: - if (!ret) { - ERR_print_errors_fp(stderr); - } - - EVP_MD_CTX_destroy(md_ctx); + EVP_MD_CTX_free(md_ctx); EVP_PKEY_free(pkey); - return ret; } -static int test_d2i_AutoPrivateKey(const unsigned char *input, - size_t input_len, int expected_id) +static int test_d2i_AutoPrivateKey(int i) { int ret = 0; const unsigned char *p; EVP_PKEY *pkey = NULL; + const APK_DATA *ak = &keydata[i]; + const unsigned char *input = ak->kder; + size_t input_len = ak->size; + int expected_id = ak->evptype; p = input; - pkey = d2i_AutoPrivateKey(NULL, &p, input_len); - if (pkey == NULL || p != input + input_len) { - fprintf(stderr, "d2i_AutoPrivateKey failed\n"); + if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) goto done; - } - - if (EVP_PKEY_id(pkey) != expected_id) { - fprintf(stderr, "Did not decode expected type\n"); - goto done; - } ret = 1; done: - if (!ret) { - ERR_print_errors_fp(stderr); - } - EVP_PKEY_free(pkey); return ret; } #ifndef OPENSSL_NO_EC + +static const unsigned char ec_public_sect163k1_validxy[] = { + 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, + 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, + 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b, + 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, + 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f +}; + +static const unsigned char ec_public_sect163k1_badx[] = { + 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, + 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, + 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b, + 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, + 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f +}; + +static const unsigned char ec_public_sect163k1_bady[] = { + 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04, + 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69, + 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b, + 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3, + 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6 +}; + +static struct ec_der_pub_keys_st { + const unsigned char *der; + size_t len; + int valid; +} ec_der_pub_keys[] = { + { ec_public_sect163k1_validxy, sizeof(ec_public_sect163k1_validxy), 1 }, + { ec_public_sect163k1_badx, sizeof(ec_public_sect163k1_badx), 0 }, + { ec_public_sect163k1_bady, sizeof(ec_public_sect163k1_bady), 0 }, +}; + +/* + * Tests the range of the decoded EC char2 public point. + * See ec_GF2m_simple_oct2point(). + */ +static int test_invalide_ec_char2_pub_range_decode(int id) +{ + int ret = 0; + BIO *bio = NULL; + EC_KEY *eckey = NULL; + + if (!TEST_ptr(bio = BIO_new_mem_buf(ec_der_pub_keys[id].der, + ec_der_pub_keys[id].len))) + goto err; + eckey = d2i_EC_PUBKEY_bio(bio, NULL); + ret = (ec_der_pub_keys[id].valid && TEST_ptr(eckey)) + || TEST_ptr_null(eckey); +err: + EC_KEY_free(eckey); + BIO_free(bio); + return ret; +} + /* Tests loading a bad key in PKCS8 format */ static int test_EVP_PKCS82PKEY(void) { @@ -394,18 +699,16 @@ static int test_EVP_PKCS82PKEY(void) PKCS8_PRIV_KEY_INFO *p8inf = NULL; EVP_PKEY *pkey = NULL; - p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, sizeof(kExampleBadECKeyDER)); + if (!TEST_ptr(p8inf = d2i_PKCS8_PRIV_KEY_INFO(NULL, &derp, + sizeof(kExampleBadECKeyDER)))) + goto done; - if (!p8inf || derp != kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER)) { - fprintf(stderr, "Failed to parse key\n"); + if (!TEST_ptr_eq(derp, + kExampleBadECKeyDER + sizeof(kExampleBadECKeyDER))) goto done; - } - pkey = EVP_PKCS82PKEY(p8inf); - if (pkey) { - fprintf(stderr, "Imported invalid EC key\n"); + if (!TEST_ptr_null(pkey = EVP_PKCS82PKEY(p8inf))) goto done; - } ret = 1; @@ -417,58 +720,655 @@ static int test_EVP_PKCS82PKEY(void) } #endif -int main(void) +#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE) + +static int test_EVP_SM2_verify(void) { - CRYPTO_malloc_debug_init(); - CRYPTO_set_mem_debug_options(V_CRYPTO_MDEBUG_ALL); - CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */ + const char *pubkey = + "-----BEGIN PUBLIC KEY-----\n" + "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n" + "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n" + "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n" + "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n" + "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n" + "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n" + "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n" + "-----END PUBLIC KEY-----\n"; - ERR_load_crypto_strings(); - /* Load up the software EVP_CIPHER and EVP_MD definitions */ - OpenSSL_add_all_ciphers(); - OpenSSL_add_all_digests(); + const char *msg = "message digest"; + const char *id = "ALICE123@YAHOO.COM"; - if (!test_EVP_DigestSignInit()) { - fprintf(stderr, "EVP_DigestSignInit failed\n"); - return 1; - } + const uint8_t signature[] = { + 0x30, 0x44, 0x02, 0x20, - if (!test_EVP_DigestVerifyInit()) { - fprintf(stderr, "EVP_DigestVerifyInit failed\n"); - return 1; - } + 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC, + 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2, + 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1, - if (!test_d2i_AutoPrivateKey(kExampleRSAKeyDER, sizeof(kExampleRSAKeyDER), - EVP_PKEY_RSA)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyDER) failed\n"); - return 1; + 0x02, 0x20, + + 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF, + 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0, + 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7 + }; + + int rc = 0; + BIO *bio = NULL; + EVP_PKEY *pkey = NULL; + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pctx = NULL; + + bio = BIO_new_mem_buf(pubkey, strlen(pubkey)); + if (!TEST_true(bio != NULL)) + goto done; + + pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL); + if (!TEST_true(pkey != NULL)) + goto done; + + if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) + goto done; + + if (!TEST_ptr(mctx = EVP_MD_CTX_new())) + goto done; + + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; + + if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx, (const uint8_t *)id, + strlen(id)), 0)) + goto done; + + EVP_MD_CTX_set_pkey_ctx(mctx, pctx); + + if (!TEST_true(EVP_DigestVerifyInit(mctx, NULL, EVP_sm3(), NULL, pkey))) + goto done; + + if (!TEST_true(EVP_DigestVerifyUpdate(mctx, msg, strlen(msg)))) + goto done; + + if (!TEST_true(EVP_DigestVerifyFinal(mctx, signature, sizeof(signature)))) + goto done; + rc = 1; + + done: + BIO_free(bio); + EVP_PKEY_free(pkey); + EVP_PKEY_CTX_free(pctx); + EVP_MD_CTX_free(mctx); + return rc; +} + +static int test_EVP_SM2(void) +{ + int ret = 0; + EVP_PKEY *pkey = NULL; + EVP_PKEY *params = NULL; + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY_CTX *kctx = NULL; + EVP_PKEY_CTX *sctx = NULL; + size_t sig_len = 0; + unsigned char *sig = NULL; + EVP_MD_CTX *md_ctx = NULL; + EVP_MD_CTX *md_ctx_verify = NULL; + EVP_PKEY_CTX *cctx = NULL; + + uint8_t ciphertext[128]; + size_t ctext_len = sizeof(ciphertext); + + uint8_t plaintext[8]; + size_t ptext_len = sizeof(plaintext); + + uint8_t sm2_id[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'}; + + pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL); + if (!TEST_ptr(pctx)) + goto done; + + if (!TEST_true(EVP_PKEY_paramgen_init(pctx) == 1)) + goto done; + + if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, NID_sm2))) + goto done; + + if (!TEST_true(EVP_PKEY_paramgen(pctx, ¶ms))) + goto done; + + kctx = EVP_PKEY_CTX_new(params, NULL); + if (!TEST_ptr(kctx)) + goto done; + + if (!TEST_true(EVP_PKEY_keygen_init(kctx))) + goto done; + + if (!TEST_true(EVP_PKEY_keygen(kctx, &pkey))) + goto done; + + if (!TEST_true(EVP_PKEY_set_alias_type(pkey, EVP_PKEY_SM2))) + goto done; + + if (!TEST_ptr(md_ctx = EVP_MD_CTX_new())) + goto done; + + if (!TEST_ptr(md_ctx_verify = EVP_MD_CTX_new())) + goto done; + + if (!TEST_ptr(sctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; + + EVP_MD_CTX_set_pkey_ctx(md_ctx, sctx); + EVP_MD_CTX_set_pkey_ctx(md_ctx_verify, sctx); + + if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx, sm2_id, sizeof(sm2_id)), 0)) + goto done; + + if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, EVP_sm3(), NULL, pkey))) + goto done; + + if(!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg)))) + goto done; + + /* Determine the size of the signature. */ + if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))) + goto done; + + if (!TEST_size_t_eq(sig_len, (size_t)EVP_PKEY_size(pkey))) + goto done; + + if (!TEST_ptr(sig = OPENSSL_malloc(sig_len))) + goto done; + + if (!TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len))) + goto done; + + /* Ensure that the signature round-trips. */ + + if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify, NULL, EVP_sm3(), NULL, pkey))) + goto done; + + if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify, kMsg, sizeof(kMsg)))) + goto done; + + if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify, sig, sig_len))) + goto done; + + /* now check encryption/decryption */ + + if (!TEST_ptr(cctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; + + if (!TEST_true(EVP_PKEY_encrypt_init(cctx))) + goto done; + + if (!TEST_true(EVP_PKEY_encrypt(cctx, ciphertext, &ctext_len, kMsg, sizeof(kMsg)))) + goto done; + + if (!TEST_true(EVP_PKEY_decrypt_init(cctx))) + goto done; + + if (!TEST_true(EVP_PKEY_decrypt(cctx, plaintext, &ptext_len, ciphertext, ctext_len))) + goto done; + + if (!TEST_true(ptext_len == sizeof(kMsg))) + goto done; + + if (!TEST_true(memcmp(plaintext, kMsg, sizeof(kMsg)) == 0)) + goto done; + + ret = 1; +done: + EVP_PKEY_CTX_free(pctx); + EVP_PKEY_CTX_free(kctx); + EVP_PKEY_CTX_free(sctx); + EVP_PKEY_CTX_free(cctx); + EVP_PKEY_free(pkey); + EVP_PKEY_free(params); + EVP_MD_CTX_free(md_ctx); + EVP_MD_CTX_free(md_ctx_verify); + OPENSSL_free(sig); + return ret; +} + +#endif + +static struct keys_st { + int type; + char *priv; + char *pub; +} keys[] = { + { + EVP_PKEY_HMAC, "0123456789", NULL + }, { + EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL + }, { + EVP_PKEY_SIPHASH, "0123456789012345", NULL + }, +#ifndef OPENSSL_NO_EC + { + EVP_PKEY_X25519, "01234567890123456789012345678901", + "abcdefghijklmnopqrstuvwxyzabcdef" + }, { + EVP_PKEY_ED25519, "01234567890123456789012345678901", + "abcdefghijklmnopqrstuvwxyzabcdef" + }, { + EVP_PKEY_X448, + "01234567890123456789012345678901234567890123456789012345", + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd" + }, { + EVP_PKEY_ED448, + "012345678901234567890123456789012345678901234567890123456", + "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde" } +#endif +}; + +static int test_set_get_raw_keys_int(int tst, int pub) +{ + int ret = 0; + unsigned char buf[80]; + unsigned char *in; + size_t inlen, len = 0; + EVP_PKEY *pkey; - if (!test_d2i_AutoPrivateKey - (kExampleRSAKeyPKCS8, sizeof(kExampleRSAKeyPKCS8), EVP_PKEY_RSA)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleRSAKeyPKCS8) failed\n"); + /* Check if this algorithm supports public keys */ + if (keys[tst].pub == NULL) return 1; + + memset(buf, 0, sizeof(buf)); + + if (pub) { + inlen = strlen(keys[tst].pub); + in = (unsigned char *)keys[tst].pub; + pkey = EVP_PKEY_new_raw_public_key(keys[tst].type, + NULL, + in, + inlen); + } else { + inlen = strlen(keys[tst].priv); + in = (unsigned char *)keys[tst].priv; + pkey = EVP_PKEY_new_raw_private_key(keys[tst].type, + NULL, + in, + inlen); } + if (!TEST_ptr(pkey) + || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len))) + || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len))) + || !TEST_true(len == inlen) + || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len))) + || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len))) + || !TEST_mem_eq(in, inlen, buf, len)) + goto done; + + ret = 1; + done: + EVP_PKEY_free(pkey); + return ret; +} + +static int test_set_get_raw_keys(int tst) +{ + return test_set_get_raw_keys_int(tst, 0) + && test_set_get_raw_keys_int(tst, 1); +} + +static int pkey_custom_check(EVP_PKEY *pkey) +{ + return 0xbeef; +} + +static int pkey_custom_pub_check(EVP_PKEY *pkey) +{ + return 0xbeef; +} + +static int pkey_custom_param_check(EVP_PKEY *pkey) +{ + return 0xbeef; +} + +static EVP_PKEY_METHOD *custom_pmeth; + +static int test_EVP_PKEY_check(int i) +{ + int ret = 0; + const unsigned char *p; + EVP_PKEY *pkey = NULL; +#ifndef OPENSSL_NO_EC + EC_KEY *eckey = NULL; +#endif + EVP_PKEY_CTX *ctx = NULL; + EVP_PKEY_CTX *ctx2 = NULL; + const APK_DATA *ak = &keycheckdata[i]; + const unsigned char *input = ak->kder; + size_t input_len = ak->size; + int expected_id = ak->evptype; + int expected_check = ak->check; + int expected_pub_check = ak->pub_check; + int expected_param_check = ak->param_check; + int type = ak->type; + BIO *pubkey = NULL; + + p = input; + + switch (type) { + case 0: + if (!TEST_ptr(pkey = d2i_AutoPrivateKey(NULL, &p, input_len)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_int_eq(EVP_PKEY_id(pkey), expected_id)) + goto done; + break; #ifndef OPENSSL_NO_EC - if (!test_d2i_AutoPrivateKey(kExampleECKeyDER, sizeof(kExampleECKeyDER), - EVP_PKEY_EC)) { - fprintf(stderr, "d2i_AutoPrivateKey(kExampleECKeyDER) failed\n"); - return 1; + case 1: + if (!TEST_ptr(pubkey = BIO_new_mem_buf(input, input_len)) + || !TEST_ptr(eckey = d2i_EC_PUBKEY_bio(pubkey, NULL)) + || !TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) + goto done; + break; + case 2: + if (!TEST_ptr(eckey = d2i_ECParameters(NULL, &p, input_len)) + || !TEST_ptr_eq(p, input + input_len) + || !TEST_ptr(pkey = EVP_PKEY_new()) + || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey, eckey))) + goto done; + break; +#endif + default: + return 0; } - if (!test_EVP_PKCS82PKEY()) { - fprintf(stderr, "test_EVP_PKCS82PKEY failed\n"); - return 1; + if (!TEST_ptr(ctx = EVP_PKEY_CTX_new(pkey, NULL))) + goto done; + + if (!TEST_int_eq(EVP_PKEY_check(ctx), expected_check)) + goto done; + + if (!TEST_int_eq(EVP_PKEY_public_check(ctx), expected_pub_check)) + goto done; + + if (!TEST_int_eq(EVP_PKEY_param_check(ctx), expected_param_check)) + goto done; + + ctx2 = EVP_PKEY_CTX_new_id(0xdefaced, NULL); + /* assign the pkey directly, as an internal test */ + EVP_PKEY_up_ref(pkey); + ctx2->pkey = pkey; + + if (!TEST_int_eq(EVP_PKEY_check(ctx2), 0xbeef)) + goto done; + + if (!TEST_int_eq(EVP_PKEY_public_check(ctx2), 0xbeef)) + goto done; + + if (!TEST_int_eq(EVP_PKEY_param_check(ctx2), 0xbeef)) + goto done; + + ret = 1; + + done: + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_CTX_free(ctx2); + EVP_PKEY_free(pkey); + BIO_free(pubkey); + return ret; +} + +static int test_HKDF(void) +{ + EVP_PKEY_CTX *pctx; + unsigned char out[20]; + size_t outlen; + int i, ret = 0; + unsigned char salt[] = "0123456789"; + unsigned char key[] = "012345678901234567890123456789"; + unsigned char info[] = "infostring"; + const unsigned char expected[] = { + 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5, + 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca + }; + size_t expectedlen = sizeof(expected); + + if (!TEST_ptr(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))) + goto done; + + /* We do this twice to test reuse of the EVP_PKEY_CTX */ + for (i = 0; i < 2; i++) { + outlen = sizeof(out); + memset(out, 0, outlen); + + if (!TEST_int_gt(EVP_PKEY_derive_init(pctx), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx, salt, + sizeof(salt) - 1), 0) + || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx, key, + sizeof(key) - 1), 0) + || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx, info, + sizeof(info) - 1), 0) + || !TEST_int_gt(EVP_PKEY_derive(pctx, out, &outlen), 0) + || !TEST_mem_eq(out, outlen, expected, expectedlen)) + goto done; } -#endif - EVP_cleanup(); - CRYPTO_cleanup_all_ex_data(); - ERR_remove_thread_state(NULL); - ERR_free_strings(); - CRYPTO_mem_leaks_fp(stderr); + ret = 1; + + done: + EVP_PKEY_CTX_free(pctx); - printf("PASS\n"); - return 0; + return ret; +} + +#ifndef OPENSSL_NO_EC +static int test_X509_PUBKEY_inplace(void) +{ + int ret = 0; + X509_PUBKEY *xp = NULL; + const unsigned char *p = kExampleECPubKeyDER; + size_t input_len = sizeof(kExampleECPubKeyDER); + + if (!TEST_ptr(xp = d2i_X509_PUBKEY(NULL, &p, input_len))) + goto done; + + if (!TEST_ptr(X509_PUBKEY_get0(xp))) + goto done; + + p = kExampleBadECPubKeyDER; + input_len = sizeof(kExampleBadECPubKeyDER); + + if (!TEST_ptr(xp = d2i_X509_PUBKEY(&xp, &p, input_len))) + goto done; + + if (!TEST_true(X509_PUBKEY_get0(xp) == NULL)) + goto done; + + ret = 1; + +done: + X509_PUBKEY_free(xp); + return ret; +} +#endif /* OPENSSL_NO_EC */ + +#ifndef OPENSSL_NO_DSA +/* Test getting and setting parameters on an EVP_PKEY_CTX */ +static int test_EVP_PKEY_CTX_get_set_params(void) +{ + EVP_MD_CTX *mdctx = NULL; + EVP_PKEY_CTX *ctx = NULL; + EVP_SIGNATURE *dsaimpl = NULL; + const OSSL_PARAM *params; + OSSL_PARAM ourparams[2], *param = ourparams; + DSA *dsa = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL, *pub = NULL, *priv = NULL; + EVP_PKEY *pkey = NULL; + int ret = 0; + const EVP_MD *md; + size_t mdsize = SHA512_DIGEST_LENGTH; + char ssl3ms[48]; + + /* + * Setup the parameters for our DSA object. For our purposes they don't + * have to actually be *valid* parameters. We just need to set something. + */ + dsa = DSA_new(); + p = BN_new(); + q = BN_new(); + g = BN_new(); + pub = BN_new(); + priv = BN_new(); + if (!TEST_ptr(dsa) + || !TEST_ptr(p) + || !TEST_ptr(q) + || !TEST_ptr(g) + || !TEST_ptr(pub) + || !DSA_set0_pqg(dsa, p, q, g) + || !DSA_set0_key(dsa, pub, priv)) + goto err; + p = q = g = pub = priv = NULL; + + pkey = EVP_PKEY_new(); + if (!TEST_ptr(pkey) + || !TEST_true(EVP_PKEY_assign_DSA(pkey, dsa))) + goto err; + + dsa = NULL; + + /* Initialise a sign operation */ + ctx = EVP_PKEY_CTX_new(pkey, NULL); + if (!TEST_ptr(ctx) + || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)) + goto err; + + /* + * We should be able to query the parameters now. The default DSA + * implementation supports exactly one parameter - so we expect to see that + * returned and no more. + */ + params = EVP_PKEY_CTX_settable_params(ctx); + if (!TEST_ptr(params) + || !TEST_int_eq(strcmp(params[0].key, + OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0) + || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST), + 0) + /* The final key should be NULL */ + || !TEST_ptr_null(params[2].key)) + goto err; + + /* Gettable params are the same as the settable ones */ + params = EVP_PKEY_CTX_gettable_params(ctx); + if (!TEST_ptr(params) + || !TEST_int_eq(strcmp(params[0].key, + OSSL_SIGNATURE_PARAM_DIGEST_SIZE), 0) + || !TEST_int_eq(strcmp(params[1].key, OSSL_SIGNATURE_PARAM_DIGEST), + 0) + /* The final key should be NULL */ + || !TEST_ptr_null(params[2].key)) + goto err; + + /* + * Test getting and setting params via EVP_PKEY_CTX_set_params() and + * EVP_PKEY_CTX_get_params() + */ + *param++ = OSSL_PARAM_construct_size_t(OSSL_SIGNATURE_PARAM_DIGEST_SIZE, + &mdsize); + *param++ = OSSL_PARAM_construct_end(); + + if (!TEST_true(EVP_PKEY_CTX_set_params(ctx, ourparams))) + goto err; + + mdsize = 0; + if (!TEST_true(EVP_PKEY_CTX_get_params(ctx, ourparams)) + || !TEST_size_t_eq(mdsize, SHA512_DIGEST_LENGTH)) + goto err; + + /* + * Test the TEST_PKEY_CTX_set_signature_md() and + * TEST_PKEY_CTX_get_signature_md() functions + */ + if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx, EVP_sha256()), 0) + || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx, &md), 0) + || !TEST_ptr_eq(md, EVP_sha256())) + goto err; + + /* + * Test getting MD parameters via an associated EVP_PKEY_CTX + */ + mdctx = EVP_MD_CTX_new(); + if (!TEST_ptr(mdctx) + || !TEST_true(EVP_DigestSignInit_ex(mdctx, NULL, "SHA1", NULL, pkey))) + goto err; + + /* + * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be + * able to obtain the digest's settable parameters from the provider. + */ + params = EVP_MD_CTX_settable_params(mdctx); + if (!TEST_ptr(params) + || !TEST_int_eq(strcmp(params[0].key, OSSL_DIGEST_PARAM_SSL3_MS), 0) + /* The final key should be NULL */ + || !TEST_ptr_null(params[1].key)) + goto err; + + param = ourparams; + memset(ssl3ms, 0, sizeof(ssl3ms)); + *param++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS, + ssl3ms, sizeof(ssl3ms)); + *param++ = OSSL_PARAM_construct_end(); + + if (!TEST_true(EVP_MD_CTX_set_params(mdctx, ourparams))) + goto err; + + ret = 1; + + err: + EVP_MD_CTX_free(mdctx); + EVP_PKEY_CTX_free(ctx); + EVP_SIGNATURE_free(dsaimpl); + EVP_PKEY_free(pkey); + DSA_free(dsa); + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(pub); + BN_free(priv); + + return ret; +} +#endif + +int setup_tests(void) +{ + ADD_ALL_TESTS(test_EVP_DigestSignInit, 4); + ADD_TEST(test_EVP_DigestVerifyInit); + ADD_TEST(test_EVP_Enveloped); + ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata)); +#ifndef OPENSSL_NO_EC + ADD_TEST(test_EVP_PKCS82PKEY); +#endif +#if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODE) + ADD_TEST(test_EVP_SM2); + ADD_TEST(test_EVP_SM2_verify); +#endif + ADD_ALL_TESTS(test_set_get_raw_keys, OSSL_NELEM(keys)); + custom_pmeth = EVP_PKEY_meth_new(0xdefaced, 0); + if (!TEST_ptr(custom_pmeth)) + return 0; + EVP_PKEY_meth_set_check(custom_pmeth, pkey_custom_check); + EVP_PKEY_meth_set_public_check(custom_pmeth, pkey_custom_pub_check); + EVP_PKEY_meth_set_param_check(custom_pmeth, pkey_custom_param_check); + if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth), 1)) + return 0; + ADD_ALL_TESTS(test_EVP_PKEY_check, OSSL_NELEM(keycheckdata)); + ADD_TEST(test_HKDF); +#ifndef OPENSSL_NO_EC + ADD_TEST(test_X509_PUBKEY_inplace); + ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode, + OSSL_NELEM(ec_der_pub_keys)); +#endif +#ifndef OPENSSL_NO_DSA + ADD_TEST(test_EVP_PKEY_CTX_get_set_params); +#endif + return 1; }