2 files changed, 1 insertions, 399 deletions
diff --git a/src/regress/lib/libcrypto/evp/Makefile b/src/regress/lib/libcrypto/evp/Makefile
index c5fee02693..bd8bc668be 100644
--- a/src/regress/lib/libcrypto/evp/Makefile
+++ b/src/regress/lib/libcrypto/evp/Makefile
@@ -1,7 +1,6 @@
-#       $OpenBSD: Makefile,v 1.12 2023/03/02 20:45:11 tb Exp $
+#       $OpenBSD: Makefile,v 1.13 2024/08/29 16:43:52 tb Exp $
 PROGS +=        evp_ecx_test
-PROGS +=        evp_pkey_check
 PROGS +=        evp_pkey_cleanup
 PROGS +=        evp_test
 PROGS +=        evptest
diff --git a/src/regress/lib/libcrypto/evp/evp_pkey_check.c b/src/regress/lib/libcrypto/evp/evp_pkey_check.c
deleted file mode 100644
index 7b73316b9b..0000000000
--- a/src/regress/lib/libcrypto/evp/evp_pkey_check.c
+++ /dev/null
@@ -1,397 +0,0 @@
-/*      $OpenBSD: evp_pkey_check.c,v 1.4 2023/03/02 20:18:40 tb Exp $ */
-/*
- * Copyright (c) 2021-2022 Theo Buehler <tb@openbsd.org>
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
- * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
- * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
- * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
- * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- */
-#include <stdio.h>
-#include <openssl/bn.h>
-#include <openssl/ec.h>
-#include <openssl/err.h>
-#include <openssl/evp.h>
-#include <openssl/rsa.h>
-#define EVP_TEST_RSA_BITS       2048
-static int
-evp_pkey_check_rsa(void)
-{
-        EVP_PKEY_CTX *pkey_ctx = NULL;
-        EVP_PKEY *pkey = NULL;
-        RSA *rsa = NULL;
-        BIGNUM *rsa_d;
-        int ret;
-        int fail_soft = 0;
-        int failed = 1;
-        /*
-         * Generate a run-off-the-mill RSA key.
-         */
-        if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) {
-                fprintf(stderr, "%s: EVP_PKEY_CTX_new_id()\n", __func__);
-                goto err;
-        }
-        if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) {
-                fprintf(stderr, "%s: EVP_PKEY_keygen_init\n", __func__);
-                goto err;
-        }
-        if (!EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, EVP_TEST_RSA_BITS)) {
-                fprintf(stderr, "%s: EVP_PKEY_CTX_set_rsa_keygen_bits\n",
-                    __func__);
-                goto err;
-        }
-        if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) {
-                fprintf(stderr, "%s: EVP_PKEY_keygen\n", __func__);
-                goto err;
-        }
-        /* At this point, no pkey is set on pkey_ctx, we should fail with 0. */
-        if (EVP_PKEY_check(pkey_ctx) != 0) {
-                fprintf(stderr, "%s: EVP_PKEY_check() succeeded without pkey\n",
-                    __func__);
-                ERR_print_errors_fp(stderr);
-                fail_soft = 1;
-        }
-        ERR_clear_error();
-        /*
-         * Create a new EVP_PKEY_CTX with pkey set.
-         */
-        EVP_PKEY_CTX_free(pkey_ctx);
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-                fprintf(stderr, "%s: EVP_PKEY_CTX_new\n", __func__);
-                goto err;
-        }
-        /* The freshly generated pkey is set on pkey_ctx. We should succeed. */
-        if ((ret = EVP_PKEY_check(pkey_ctx)) <= 0) {
-                fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
-                    __func__, ret);
-                ERR_print_errors_fp(stderr);
-                ERR_clear_error();
-                fail_soft = 1;
-        }
-        /* Public key checking for RSA is not supported. */
-        if (EVP_PKEY_public_check(pkey_ctx) != -2) {
-                fprintf(stderr,
-                    "%s: EVP_PKEY_public_check() supported for RSA?\n",
-                    __func__);
-                goto err;
-        }
-        ERR_clear_error();
-        /* Parameter checking for RSA is not supported. */
-        if (EVP_PKEY_param_check(pkey_ctx) != -2) {
-                fprintf(stderr,
-                    "%s: EVP_PKEY_param_check() supported for RSA?\n",
-                    __func__);
-                goto err;
-        }
-        ERR_clear_error();
-        /*
-         * Now modify the RSA key a bit. The check should then fail.
-         */
-        if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
-                fprintf(stderr, "%s: EVP_PKEY_get0_RSA\n", __func__);
-                goto err;
-        }
-        /* We're lazy and modify rsa->d directly, hence the ugly cast. */
-        if ((rsa_d = (BIGNUM *)RSA_get0_d(rsa)) == NULL) {
-                fprintf(stderr, "%s: RSA_get0_d()\n", __func__);
-                goto err;
-        }
-        if (!BN_add_word(rsa_d, 2)) {
-                fprintf(stderr, "%s: BN_add_word\n", __func__);
-                goto err;
-        }
-        /* Since (d+2) * e != 1 mod (p-1)*(q-1), we should fail */
-        if (EVP_PKEY_check(pkey_ctx) == 1) {
-                fprintf(stderr, "%s: EVP_PKEY_check success with modified d\n",
-                    __func__);
-                fail_soft = 1;
-        }
-        if (ERR_peek_error() == 0) {
-                fprintf(stderr, "%s: expected some RSA errors\n", __func__);
-                fail_soft = 1;
-        }
-        ERR_clear_error();
-        failed = 0;
- err:
-        EVP_PKEY_CTX_free(pkey_ctx);
-        EVP_PKEY_free(pkey);
-        return failed | fail_soft;
-}
-static int
-evp_pkey_check_ec(void)
-{
-        EVP_PKEY_CTX *pkey_ctx = NULL;
-        EVP_PKEY *pkey = NULL;
-        EC_KEY *eckey = NULL;
-        BIGNUM *private_key = NULL;
-        EC_GROUP *group;
-        const EC_POINT *generator;
-        BIGNUM *cofactor = NULL, *order = NULL;
-        int ret;
-        int fail_soft = 0;
-        int failed = 1;
-        /*
-         * Generate an elliptic curve key on secp384r1
-         */
-        if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL) {
-                fprintf(stderr, "%s: EVP_PKEY_CTX_new_id\n", __func__);
-                goto err;
-        }
-        if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) {
-                fprintf(stderr, "%s: EVP_PKEY_keygen_init\n", __func__);
-                goto err;
-        }
-        if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkey_ctx,
-            NID_secp384r1) <= 0) {
-                fprintf(stderr, "%s: EVP_PKEY_CTX_set_ec_paramgen_curve_nid\n",
-                    __func__);
-                goto err;
-        }
-        if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) {
-                fprintf(stderr, "%s: EVP_PKEY_keygen\n", __func__);
-                goto err;
-        }
-        /* At this point, no pkey is set on pkey_ctx, we should fail with 0. */
-        if (EVP_PKEY_check(pkey_ctx) != 0) {
-                fprintf(stderr, "%s: EVP_PKEY_check() succeeded without pkey\n",
-                    __func__);
-                ERR_print_errors_fp(stderr);
-                fail_soft = 1;
-        }
-        ERR_clear_error();
-        /*
-         * Create a new EVP_PKEY_CTX with pkey set.
-         */
-        EVP_PKEY_CTX_free(pkey_ctx);
-        if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
-                fprintf(stderr, "%s: EVP_PKEY_CTX_new\n", __func__);
-                goto err;
-        }
-        /* The freshly generated pkey is set on pkey_ctx. We should succeed. */
-        if ((ret = EVP_PKEY_check(pkey_ctx)) <= 0) {
-                fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
-                    __func__, ret);
-                ERR_print_errors_fp(stderr);
-                ERR_clear_error();
-                fail_soft = 1;
-        }
-        /* We should also succeed the public check. */
-        if ((ret = EVP_PKEY_public_check(pkey_ctx)) <= 0) {
-                fprintf(stderr,
-                    "%s: EVP_PKEY_public_check(), generated pkey: %d\n",
-                    __func__, ret);
-                ERR_print_errors_fp(stderr);
-                ERR_clear_error();
-                fail_soft = 1;
-        }
-        /* We should also succeed the parameter check. */
-        if ((ret = EVP_PKEY_param_check(pkey_ctx)) <= 0) {
-                fprintf(stderr,
-                    "%s: EVP_PKEY_param_check(), generated pkey: %d\n",
-                    __func__, ret);
-                ERR_print_errors_fp(stderr);
-                ERR_clear_error();
-                fail_soft = 1;
-        }
-        /*
-         * Modify the private key slightly.
-         */
-        if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
-                fprintf(stderr, "%s: EVP_PKEY_get0_EC_KEY\n", __func__);
-                goto err;
-        }
-        /* We're lazy and modify the private key directly. */
-        if ((private_key = (BIGNUM *)EC_KEY_get0_private_key(eckey)) == NULL) {
-                fprintf(stderr, "%s: EC_KEY_get0_private_key\n", __func__);
-                goto err;
-        }
-        /*
-         * The private key is a random number in [1, order). Preserve this
-         * property by adding 1 if it is equal to 1 and subtracting 1 otherwise.
-         */
-        if (BN_cmp(private_key, BN_value_one()) == 0) {
-                if (!BN_add_word(private_key, 1)) {
-                        fprintf(stderr, "%s: BN_add_word\n", __func__);
-                        goto err;
-                }
-        } else {
-                if (!BN_sub_word(private_key, 1)) {
-                        fprintf(stderr, "%s: BN_sub_word\n", __func__);
-                        goto err;
-                }
-        }
-        /* Generator times private key will no longer be equal to public key. */
-        if (EVP_PKEY_check(pkey_ctx) == 1) {
-                fprintf(stderr, "%s: EVP_PKEY_check succeeded unexpectedly\n",
-                    __func__);
-                fail_soft = 1;
-        }
-        if (ERR_peek_error() == 0) {
-                fprintf(stderr, "%s: expected a private key error\n", __func__);
-                fail_soft = 1;
-        }
-        ERR_clear_error();
-        /* EVP_PKEY_public_check checks the private key (sigh), so we fail. */
-        if (EVP_PKEY_public_check(pkey_ctx) == 1) {
-                fprintf(stderr,
-                    "%s: EVP_PKEY_public_check succeeded unexpectedly\n",
-                    __func__);
-                fail_soft = 1;
-        }
-        /* We should still succeed the parameter check. */
-        if ((ret = EVP_PKEY_param_check(pkey_ctx)) <= 0) {
-                fprintf(stderr,
-                    "%s: EVP_PKEY_param_check(), modified privkey pkey: %d\n",
-                    __func__, ret);
-                ERR_print_errors_fp(stderr);
-                ERR_clear_error();
-                fail_soft = 1;
-        }
-        /* Now set the private key to NULL. The API will think malloc failed. */
-        if (EC_KEY_set_private_key(eckey, NULL) != 0) {
-                fprintf(stderr, "%s: EC_KEY_set_private_key succeeded?!",
-                    __func__);
-                goto err;
-        }
-        /*
-         * EVP_PKEY_public_check now only checks that the public key is on the
-         * curve. We should succeed again.
-         */
-        if ((ret = EVP_PKEY_public_check(pkey_ctx)) <= 0) {
-                fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
-                    __func__, ret);
-                fail_soft = 1;
-        }
-        ERR_clear_error();
-        /*
-         * Now let's modify the group to trip the parameter check.
-         */
-        if ((group = (EC_GROUP *)EC_KEY_get0_group(eckey)) == NULL) {
-                fprintf(stderr, "%s: EC_KEY_get0_group() failed\n", __func__);
-                goto err;
-        }
-        if ((generator = EC_GROUP_get0_generator(group)) == NULL) {
-                fprintf(stderr, "%s: EC_GROUP_get0_generator() failed\n",
-                    __func__);
-                goto err;
-        }
-        if ((order = BN_new()) == NULL) {
-                fprintf(stderr, "%s: order = BN_new() failed\n", __func__);
-                goto err;
-        }
-        if ((cofactor = BN_new()) == NULL) {
-                fprintf(stderr, "%s: cofactor = BN_new() failed\n", __func__);
-                goto err;
-        }
-        if (!EC_GROUP_get_order(group, order, NULL)) {
-                fprintf(stderr, "%s: EC_GROUP_get_order() failed\n", __func__);
-                goto err;
-        }
-        if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
-                fprintf(stderr, "%s: EC_GROUP_get_cofactor() failed\n",
-                    __func__);
-                goto err;
-        }
-        /* Decrement order so order * generator != (point at infinity). */
-        if (!BN_sub_word(order, 1)) {
-                fprintf(stderr, "%s: BN_sub_word() failed\n", __func__);
-                goto err;
-        }
-        /* Now set this nonsense on the group. */
-        if (!EC_GROUP_set_generator(group, generator, order, cofactor)) {
-                fprintf(stderr, "%s: EC_GROUP_set_generator() failed\n",
-                    __func__);
-                goto err;
-        }
-        /* We should now fail the parameter check. */
-        if (EVP_PKEY_param_check(pkey_ctx) == 1) {
-                fprintf(stderr,
-                    "%s: EVP_PKEY_param_check(), succeeded unexpectedly\n",
-                    __func__);
-                fail_soft = 1;
-        }
-        if (ERR_peek_error() == 0) {
-                fprintf(stderr, "%s: expected a group order error\n", __func__);
-                fail_soft = 1;
-        }
-        ERR_clear_error();
-        failed = 0;
- err:
-        EVP_PKEY_CTX_free(pkey_ctx);
-        EVP_PKEY_free(pkey);
-        BN_free(order);
-        BN_free(cofactor);
-        return failed | fail_soft;
-}
-int
-main(void)
-{
-        int failed = 0;
-        failed |= evp_pkey_check_rsa();
-        failed |= evp_pkey_check_ec();
-        return failed;
-}

diff --git a/src/regress/lib/libcrypto/evp/Makefile b/src/regress/lib/libcrypto/evp/Makefile index c5fee02693..bd8bc668be 100644 --- a/src/regress/lib/libcrypto/evp/Makefile +++ b/src/regress/lib/libcrypto/evp/Makefile
@@ -1,7 +1,6 @@
1	# $OpenBSD: Makefile,v 1.12 2023/03/02 20:45:11 tb Exp $	1	# $OpenBSD: Makefile,v 1.13 2024/08/29 16:43:52 tb Exp $
2		2
3	PROGS += evp_ecx_test	3	PROGS += evp_ecx_test
4	PROGS += evp_pkey_check
5	PROGS += evp_pkey_cleanup	4	PROGS += evp_pkey_cleanup
6	PROGS += evp_test	5	PROGS += evp_test
7	PROGS += evptest	6	PROGS += evptest


diff --git a/src/regress/lib/libcrypto/evp/evp_pkey_check.c b/src/regress/lib/libcrypto/evp/evp_pkey_check.c deleted file mode 100644 index 7b73316b9b..0000000000 --- a/src/regress/lib/libcrypto/evp/evp_pkey_check.c +++ /dev/null
@@ -1,397 +0,0 @@
1	/* $OpenBSD: evp_pkey_check.c,v 1.4 2023/03/02 20:18:40 tb Exp $ */
2	/*
3	* Copyright (c) 2021-2022 Theo Buehler <tb@openbsd.org>
4	*
5	* Permission to use, copy, modify, and distribute this software for any
6	* purpose with or without fee is hereby granted, provided that the above
7	* copyright notice and this permission notice appear in all copies.
8	*
9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16	*/
17
18	#include <stdio.h>
19
20	#include <openssl/bn.h>
21	#include <openssl/ec.h>
22	#include <openssl/err.h>
23	#include <openssl/evp.h>
24	#include <openssl/rsa.h>
25
26	#define EVP_TEST_RSA_BITS 2048
27
28	static int
29	evp_pkey_check_rsa(void)
30	{
31	EVP_PKEY_CTX *pkey_ctx = NULL;
32	EVP_PKEY *pkey = NULL;
33	RSA *rsa = NULL;
34	BIGNUM *rsa_d;
35	int ret;
36	int fail_soft = 0;
37	int failed = 1;
38
39	/*
40	* Generate a run-off-the-mill RSA key.
41	*/
42
43	if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)) == NULL) {
44	fprintf(stderr, "%s: EVP_PKEY_CTX_new_id()\n", __func__);
45	goto err;
46	}
47	if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) {
48	fprintf(stderr, "%s: EVP_PKEY_keygen_init\n", __func__);
49	goto err;
50	}
51	if (!EVP_PKEY_CTX_set_rsa_keygen_bits(pkey_ctx, EVP_TEST_RSA_BITS)) {
52	fprintf(stderr, "%s: EVP_PKEY_CTX_set_rsa_keygen_bits\n",
53	__func__);
54	goto err;
55	}
56	if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) {
57	fprintf(stderr, "%s: EVP_PKEY_keygen\n", __func__);
58	goto err;
59	}
60
61	/* At this point, no pkey is set on pkey_ctx, we should fail with 0. */
62	if (EVP_PKEY_check(pkey_ctx) != 0) {
63	fprintf(stderr, "%s: EVP_PKEY_check() succeeded without pkey\n",
64	__func__);
65	ERR_print_errors_fp(stderr);
66	fail_soft = 1;
67	}
68
69	ERR_clear_error();
70
71	/*
72	* Create a new EVP_PKEY_CTX with pkey set.
73	*/
74
75	EVP_PKEY_CTX_free(pkey_ctx);
76	if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
77	fprintf(stderr, "%s: EVP_PKEY_CTX_new\n", __func__);
78	goto err;
79	}
80
81	/* The freshly generated pkey is set on pkey_ctx. We should succeed. */
82	if ((ret = EVP_PKEY_check(pkey_ctx)) <= 0) {
83	fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
84	__func__, ret);
85	ERR_print_errors_fp(stderr);
86	ERR_clear_error();
87	fail_soft = 1;
88	}
89
90	/* Public key checking for RSA is not supported. */
91	if (EVP_PKEY_public_check(pkey_ctx) != -2) {
92	fprintf(stderr,
93	"%s: EVP_PKEY_public_check() supported for RSA?\n",
94	__func__);
95	goto err;
96	}
97	ERR_clear_error();
98
99	/* Parameter checking for RSA is not supported. */
100	if (EVP_PKEY_param_check(pkey_ctx) != -2) {
101	fprintf(stderr,
102	"%s: EVP_PKEY_param_check() supported for RSA?\n",
103	__func__);
104	goto err;
105	}
106	ERR_clear_error();
107
108	/*
109	* Now modify the RSA key a bit. The check should then fail.
110	*/
111
112	if ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) {
113	fprintf(stderr, "%s: EVP_PKEY_get0_RSA\n", __func__);
114	goto err;
115	}
116	/* We're lazy and modify rsa->d directly, hence the ugly cast. */
117	if ((rsa_d = (BIGNUM *)RSA_get0_d(rsa)) == NULL) {
118	fprintf(stderr, "%s: RSA_get0_d()\n", __func__);
119	goto err;
120	}
121	if (!BN_add_word(rsa_d, 2)) {
122	fprintf(stderr, "%s: BN_add_word\n", __func__);
123	goto err;
124	}
125
126	/* Since (d+2) * e != 1 mod (p-1)(q-1), we should fail /
127	if (EVP_PKEY_check(pkey_ctx) == 1) {
128	fprintf(stderr, "%s: EVP_PKEY_check success with modified d\n",
129	__func__);
130	fail_soft = 1;
131	}
132
133	if (ERR_peek_error() == 0) {
134	fprintf(stderr, "%s: expected some RSA errors\n", __func__);
135	fail_soft = 1;
136	}
137	ERR_clear_error();
138
139	failed = 0;
140
141	err:
142	EVP_PKEY_CTX_free(pkey_ctx);
143	EVP_PKEY_free(pkey);
144
145	return failed \| fail_soft;
146	}
147
148	static int
149	evp_pkey_check_ec(void)
150	{
151	EVP_PKEY_CTX *pkey_ctx = NULL;
152	EVP_PKEY *pkey = NULL;
153	EC_KEY *eckey = NULL;
154	BIGNUM *private_key = NULL;
155	EC_GROUP *group;
156	const EC_POINT *generator;
157	BIGNUM cofactor = NULL, order = NULL;
158	int ret;
159	int fail_soft = 0;
160	int failed = 1;
161
162	/*
163	* Generate an elliptic curve key on secp384r1
164	*/
165
166	if ((pkey_ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)) == NULL) {
167	fprintf(stderr, "%s: EVP_PKEY_CTX_new_id\n", __func__);
168	goto err;
169	}
170	if (EVP_PKEY_keygen_init(pkey_ctx) <= 0) {
171	fprintf(stderr, "%s: EVP_PKEY_keygen_init\n", __func__);
172	goto err;
173	}
174	if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pkey_ctx,
175	NID_secp384r1) <= 0) {
176	fprintf(stderr, "%s: EVP_PKEY_CTX_set_ec_paramgen_curve_nid\n",
177	__func__);
178	goto err;
179	}
180	if (EVP_PKEY_keygen(pkey_ctx, &pkey) <= 0) {
181	fprintf(stderr, "%s: EVP_PKEY_keygen\n", __func__);
182	goto err;
183	}
184
185	/* At this point, no pkey is set on pkey_ctx, we should fail with 0. */
186	if (EVP_PKEY_check(pkey_ctx) != 0) {
187	fprintf(stderr, "%s: EVP_PKEY_check() succeeded without pkey\n",
188	__func__);
189	ERR_print_errors_fp(stderr);
190	fail_soft = 1;
191	}
192
193	ERR_clear_error();
194
195	/*
196	* Create a new EVP_PKEY_CTX with pkey set.
197	*/
198
199	EVP_PKEY_CTX_free(pkey_ctx);
200	if ((pkey_ctx = EVP_PKEY_CTX_new(pkey, NULL)) == NULL) {
201	fprintf(stderr, "%s: EVP_PKEY_CTX_new\n", __func__);
202	goto err;
203	}
204
205	/* The freshly generated pkey is set on pkey_ctx. We should succeed. */
206	if ((ret = EVP_PKEY_check(pkey_ctx)) <= 0) {
207	fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
208	__func__, ret);
209	ERR_print_errors_fp(stderr);
210	ERR_clear_error();
211	fail_soft = 1;
212	}
213
214	/* We should also succeed the public check. */
215	if ((ret = EVP_PKEY_public_check(pkey_ctx)) <= 0) {
216	fprintf(stderr,
217	"%s: EVP_PKEY_public_check(), generated pkey: %d\n",
218	__func__, ret);
219	ERR_print_errors_fp(stderr);
220	ERR_clear_error();
221	fail_soft = 1;
222	}
223
224	/* We should also succeed the parameter check. */
225	if ((ret = EVP_PKEY_param_check(pkey_ctx)) <= 0) {
226	fprintf(stderr,
227	"%s: EVP_PKEY_param_check(), generated pkey: %d\n",
228	__func__, ret);
229	ERR_print_errors_fp(stderr);
230	ERR_clear_error();
231	fail_soft = 1;
232	}
233
234	/*
235	* Modify the private key slightly.
236	*/
237
238	if ((eckey = EVP_PKEY_get0_EC_KEY(pkey)) == NULL) {
239	fprintf(stderr, "%s: EVP_PKEY_get0_EC_KEY\n", __func__);
240	goto err;
241	}
242
243	/* We're lazy and modify the private key directly. */
244	if ((private_key = (BIGNUM *)EC_KEY_get0_private_key(eckey)) == NULL) {
245	fprintf(stderr, "%s: EC_KEY_get0_private_key\n", __func__);
246	goto err;
247	}
248
249	/*
250	* The private key is a random number in [1, order). Preserve this
251	* property by adding 1 if it is equal to 1 and subtracting 1 otherwise.
252	*/
253	if (BN_cmp(private_key, BN_value_one()) == 0) {
254	if (!BN_add_word(private_key, 1)) {
255	fprintf(stderr, "%s: BN_add_word\n", __func__);
256	goto err;
257	}
258	} else {
259	if (!BN_sub_word(private_key, 1)) {
260	fprintf(stderr, "%s: BN_sub_word\n", __func__);
261	goto err;
262	}
263	}
264
265	/* Generator times private key will no longer be equal to public key. */
266	if (EVP_PKEY_check(pkey_ctx) == 1) {
267	fprintf(stderr, "%s: EVP_PKEY_check succeeded unexpectedly\n",
268	__func__);
269	fail_soft = 1;
270	}
271
272	if (ERR_peek_error() == 0) {
273	fprintf(stderr, "%s: expected a private key error\n", __func__);
274	fail_soft = 1;
275	}
276	ERR_clear_error();
277
278	/* EVP_PKEY_public_check checks the private key (sigh), so we fail. */
279	if (EVP_PKEY_public_check(pkey_ctx) == 1) {
280	fprintf(stderr,
281	"%s: EVP_PKEY_public_check succeeded unexpectedly\n",
282	__func__);
283	fail_soft = 1;
284	}
285
286	/* We should still succeed the parameter check. */
287	if ((ret = EVP_PKEY_param_check(pkey_ctx)) <= 0) {
288	fprintf(stderr,
289	"%s: EVP_PKEY_param_check(), modified privkey pkey: %d\n",
290	__func__, ret);
291	ERR_print_errors_fp(stderr);
292	ERR_clear_error();
293	fail_soft = 1;
294	}
295
296	/* Now set the private key to NULL. The API will think malloc failed. */
297	if (EC_KEY_set_private_key(eckey, NULL) != 0) {
298	fprintf(stderr, "%s: EC_KEY_set_private_key succeeded?!",
299	__func__);
300	goto err;
301	}
302
303	/*
304	* EVP_PKEY_public_check now only checks that the public key is on the
305	* curve. We should succeed again.
306	*/
307
308	if ((ret = EVP_PKEY_public_check(pkey_ctx)) <= 0) {
309	fprintf(stderr, "%s: EVP_PKEY_check(), generated pkey: %d\n",
310	__func__, ret);
311	fail_soft = 1;
312	}
313
314	ERR_clear_error();
315
316	/*
317	* Now let's modify the group to trip the parameter check.
318	*/
319
320	if ((group = (EC_GROUP *)EC_KEY_get0_group(eckey)) == NULL) {
321	fprintf(stderr, "%s: EC_KEY_get0_group() failed\n", __func__);
322	goto err;
323	}
324
325	if ((generator = EC_GROUP_get0_generator(group)) == NULL) {
326	fprintf(stderr, "%s: EC_GROUP_get0_generator() failed\n",
327	__func__);
328	goto err;
329	}
330
331	if ((order = BN_new()) == NULL) {
332	fprintf(stderr, "%s: order = BN_new() failed\n", __func__);
333	goto err;
334	}
335	if ((cofactor = BN_new()) == NULL) {
336	fprintf(stderr, "%s: cofactor = BN_new() failed\n", __func__);
337	goto err;
338	}
339
340	if (!EC_GROUP_get_order(group, order, NULL)) {
341	fprintf(stderr, "%s: EC_GROUP_get_order() failed\n", __func__);
342	goto err;
343	}
344	if (!EC_GROUP_get_cofactor(group, cofactor, NULL)) {
345	fprintf(stderr, "%s: EC_GROUP_get_cofactor() failed\n",
346	__func__);
347	goto err;
348	}
349
350	/* Decrement order so order * generator != (point at infinity). */
351	if (!BN_sub_word(order, 1)) {
352	fprintf(stderr, "%s: BN_sub_word() failed\n", __func__);
353	goto err;
354	}
355
356	/* Now set this nonsense on the group. */
357	if (!EC_GROUP_set_generator(group, generator, order, cofactor)) {
358	fprintf(stderr, "%s: EC_GROUP_set_generator() failed\n",
359	__func__);
360	goto err;
361	}
362
363	/* We should now fail the parameter check. */
364	if (EVP_PKEY_param_check(pkey_ctx) == 1) {
365	fprintf(stderr,
366	"%s: EVP_PKEY_param_check(), succeeded unexpectedly\n",
367	__func__);
368	fail_soft = 1;
369	}
370
371	if (ERR_peek_error() == 0) {
372	fprintf(stderr, "%s: expected a group order error\n", __func__);
373	fail_soft = 1;
374	}
375	ERR_clear_error();
376
377	failed = 0;
378
379	err:
380	EVP_PKEY_CTX_free(pkey_ctx);
381	EVP_PKEY_free(pkey);
382	BN_free(order);
383	BN_free(cofactor);
384
385	return failed \| fail_soft;
386	}
387
388	int
389	main(void)
390	{
391	int failed = 0;
392
393	failed \|= evp_pkey_check_rsa();
394	failed \|= evp_pkey_check_ec();
395
396	return failed;
397	}