2 * Copyright 2015-2022 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
39 static OSSL_LIB_CTX
*testctx
= NULL
;
40 static char *testpropq
= NULL
;
42 static OSSL_PROVIDER
*nullprov
= NULL
;
43 static OSSL_PROVIDER
*deflprov
= NULL
;
44 static OSSL_PROVIDER
*lgcyprov
= NULL
;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER
[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER
[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER
[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
251 static const unsigned char kExampleBad2RSAKeyDER
[] = {
252 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
253 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
254 0x01, 0x00, 0x02, 0x01, 0x00
257 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
259 static const unsigned char kSignature
[] = {
260 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
261 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
262 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
263 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
264 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
265 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
266 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
267 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
268 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
269 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
270 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
274 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
277 static const unsigned char kExampleRSAKeyPKCS8
[] = {
278 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
279 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
280 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
281 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
282 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
283 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
284 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
285 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
286 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
287 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
288 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
289 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
290 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
291 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
292 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
293 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
294 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
295 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
296 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
297 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
298 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
299 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
300 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
301 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
302 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
303 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
304 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
305 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
306 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
307 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
308 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
309 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
310 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
311 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
312 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
313 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
314 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
315 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
316 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
317 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
318 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
319 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
320 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
321 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
322 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
323 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
324 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
325 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
326 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
327 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
328 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
329 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
330 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
333 #ifndef OPENSSL_NO_EC
335 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
338 static const unsigned char kExampleECKeyDER
[] = {
339 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
340 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
341 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
342 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
343 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
344 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
345 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
346 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
347 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
348 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
353 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
354 * structure. The private key is equal to the order and will fail to import
356 static const unsigned char kExampleBadECKeyDER
[] = {
357 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
358 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
359 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
360 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
361 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
362 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
363 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
364 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
365 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
369 static const unsigned char kExampleECPubKeyDER
[] = {
370 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
371 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
372 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
373 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
374 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
375 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
376 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
377 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
381 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
382 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
384 static const unsigned char kExampleBadECPubKeyDER
[] = {
385 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
386 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
387 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
388 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
389 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
390 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
391 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
392 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
395 static const unsigned char pExampleECParamDER
[] = {
396 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
399 static const unsigned char kExampleED25519KeyDER
[] = {
400 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
401 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
402 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
403 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
406 static const unsigned char kExampleED25519PubKeyDER
[] = {
407 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
408 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
409 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
410 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
413 # ifndef OPENSSL_NO_DEPRECATED_3_0
414 static const unsigned char kExampleX25519KeyDER
[] = {
415 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
416 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
417 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
418 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
423 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
424 #ifndef OPENSSL_NO_DEPRECATED_3_0
425 # ifndef OPENSSL_NO_DH
426 static const unsigned char kExampleDHKeyDER
[] = {
427 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
428 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
429 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
430 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
431 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
432 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
433 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
434 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
435 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
436 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
437 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
438 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
439 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
440 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
441 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
442 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
443 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
444 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
445 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
446 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
447 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
448 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
449 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
450 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
451 0x2e, 0x87, 0x2a, 0x0b, 0x7a
456 static const unsigned char kCFBDefaultKey
[] = {
457 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
458 0x09, 0xCF, 0x4F, 0x3C
461 static const unsigned char kGCMDefaultKey
[32] = { 0 };
463 static const unsigned char kGCMResetKey
[] = {
464 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
465 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
466 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
469 static const unsigned char iCFBIV
[] = {
470 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
471 0x0C, 0x0D, 0x0E, 0x0F
474 static const unsigned char iGCMDefaultIV
[12] = { 0 };
476 static const unsigned char iGCMResetIV1
[] = {
477 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
480 static const unsigned char iGCMResetIV2
[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
484 static const unsigned char cfbPlaintext
[] = {
485 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
486 0x73, 0x93, 0x17, 0x2A
489 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
491 static const unsigned char gcmResetPlaintext
[] = {
492 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
493 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
494 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
495 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
496 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
499 static const unsigned char cfbCiphertext
[] = {
500 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
501 0xE8, 0x3C, 0xFB, 0x4A
504 static const unsigned char gcmDefaultCiphertext
[] = {
505 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
506 0xba, 0xf3, 0x9d, 0x18
509 static const unsigned char gcmResetCiphertext1
[] = {
510 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
511 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
512 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
513 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
514 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
517 static const unsigned char gcmResetCiphertext2
[] = {
518 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
519 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
520 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
521 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
522 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
525 static const unsigned char gcmAAD
[] = {
526 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
527 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
530 static const unsigned char gcmDefaultTag
[] = {
531 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
532 0xd4, 0x8a, 0xb9, 0x19
535 static const unsigned char gcmResetTag1
[] = {
536 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
537 0xfe, 0x2e, 0xa8, 0xf2
540 static const unsigned char gcmResetTag2
[] = {
541 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
542 0xbb, 0x2d, 0x55, 0x1b
545 typedef struct APK_DATA_st
{
546 const unsigned char *kder
;
553 int type
; /* 0 for private, 1 for public, 2 for params */
556 static APK_DATA keydata
[] = {
557 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
558 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
559 #ifndef OPENSSL_NO_EC
560 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
564 static APK_DATA keycheckdata
[] = {
565 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
567 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
569 {kExampleBad2RSAKeyDER
, sizeof(kExampleBad2RSAKeyDER
), "RSA", EVP_PKEY_RSA
,
570 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
571 #ifndef OPENSSL_NO_EC
572 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
573 /* group is also associated in our pub key */
574 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
576 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
578 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
579 EVP_PKEY_ED25519
, 1, 1, 1, 0},
580 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
581 EVP_PKEY_ED25519
, 0, 1, 1, 1},
585 static EVP_PKEY
*load_example_key(const char *keytype
,
586 const unsigned char *data
, size_t data_len
)
588 const unsigned char **pdata
= &data
;
589 EVP_PKEY
*pkey
= NULL
;
590 OSSL_DECODER_CTX
*dctx
=
591 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
594 /* |pkey| will be NULL on error */
595 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
596 OSSL_DECODER_CTX_free(dctx
);
600 static EVP_PKEY
*load_example_rsa_key(void)
602 return load_example_key("RSA", kExampleRSAKeyDER
,
603 sizeof(kExampleRSAKeyDER
));
606 #ifndef OPENSSL_NO_DSA
607 static EVP_PKEY
*load_example_dsa_key(void)
609 return load_example_key("DSA", kExampleDSAKeyDER
,
610 sizeof(kExampleDSAKeyDER
));
614 #ifndef OPENSSL_NO_EC
615 static EVP_PKEY
*load_example_ec_key(void)
617 return load_example_key("EC", kExampleECKeyDER
,
618 sizeof(kExampleECKeyDER
));
622 #ifndef OPENSSL_NO_DEPRECATED_3_0
623 # ifndef OPENSSL_NO_DH
624 static EVP_PKEY
*load_example_dh_key(void)
626 return load_example_key("DH", kExampleDHKeyDER
,
627 sizeof(kExampleDHKeyDER
));
631 # ifndef OPENSSL_NO_EC
632 static EVP_PKEY
*load_example_ed25519_key(void)
634 return load_example_key("ED25519", kExampleED25519KeyDER
,
635 sizeof(kExampleED25519KeyDER
));
638 static EVP_PKEY
*load_example_x25519_key(void)
640 return load_example_key("X25519", kExampleX25519KeyDER
,
641 sizeof(kExampleX25519KeyDER
));
644 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
646 static EVP_PKEY
*load_example_hmac_key(void)
648 EVP_PKEY
*pkey
= NULL
;
649 unsigned char key
[] = {
650 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
651 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
652 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
655 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
656 NULL
, key
, sizeof(key
));
663 static int test_EVP_set_default_properties(void)
669 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
670 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
675 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
676 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
677 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
682 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
683 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
688 OSSL_LIB_CTX_free(ctx
);
692 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
693 static EVP_PKEY
*make_key_fromdata(char *keytype
, OSSL_PARAM
*params
)
695 EVP_PKEY_CTX
*pctx
= NULL
;
696 EVP_PKEY
*tmp_pkey
= NULL
, *pkey
= NULL
;
698 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
700 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
701 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &tmp_pkey
, EVP_PKEY_KEYPAIR
,
705 if (!TEST_ptr(tmp_pkey
))
711 EVP_PKEY_free(tmp_pkey
);
712 EVP_PKEY_CTX_free(pctx
);
716 static int test_selection(EVP_PKEY
*pkey
, int selection
)
720 BIO
*bio
= BIO_new(BIO_s_mem());
722 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
723 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
727 if (!TEST_false(ret
))
730 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
732 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
736 if (!TEST_false(ret
))
746 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
749 * Test combinations of private, public, missing and private + public key
750 * params to ensure they are all accepted
752 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
753 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
755 OSSL_PARAM_BLD
*bld
= NULL
;
756 OSSL_PARAM
*params
= NULL
;
757 EVP_PKEY
*just_params
= NULL
;
758 EVP_PKEY
*params_and_priv
= NULL
;
759 EVP_PKEY
*params_and_pub
= NULL
;
760 EVP_PKEY
*params_and_keypair
= NULL
;
761 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
765 * Setup the parameters for our pkey object. For our purposes they don't
766 * have to actually be *valid* parameters. We just need to set something.
768 if (!TEST_ptr(p
= BN_new())
769 || !TEST_ptr(q
= BN_new())
770 || !TEST_ptr(g
= BN_new())
771 || !TEST_ptr(pub
= BN_new())
772 || !TEST_ptr(priv
= BN_new()))
775 /* Test !priv and !pub */
776 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
777 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
778 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
779 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
781 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
782 || !TEST_ptr(just_params
= make_key_fromdata(keytype
, params
)))
785 OSSL_PARAM_free(params
);
786 OSSL_PARAM_BLD_free(bld
);
790 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
791 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
794 /* Test priv and !pub */
795 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
796 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
797 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
798 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
799 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
802 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
803 || !TEST_ptr(params_and_priv
= make_key_fromdata(keytype
, params
)))
806 OSSL_PARAM_free(params
);
807 OSSL_PARAM_BLD_free(bld
);
811 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
)
812 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
815 /* Test !priv and pub */
816 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
817 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
818 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
819 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
823 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
824 || !TEST_ptr(params_and_pub
= make_key_fromdata(keytype
, params
)))
827 OSSL_PARAM_free(params
);
828 OSSL_PARAM_BLD_free(bld
);
832 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
833 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
836 /* Test priv and pub */
837 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
838 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
839 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
840 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
846 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
847 || !TEST_ptr(params_and_keypair
= make_key_fromdata(keytype
, params
)))
850 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
855 OSSL_PARAM_free(params
);
856 OSSL_PARAM_BLD_free(bld
);
857 EVP_PKEY_free(just_params
);
858 EVP_PKEY_free(params_and_priv
);
859 EVP_PKEY_free(params_and_pub
);
860 EVP_PKEY_free(params_and_keypair
);
869 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
872 * Test combinations of private, public, missing and private + public key
873 * params to ensure they are all accepted for EC keys
875 #ifndef OPENSSL_NO_EC
876 static unsigned char ec_priv
[] = {
877 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
878 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
879 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
881 static unsigned char ec_pub
[] = {
882 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
883 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
884 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
885 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
886 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
887 0x08, 0x09, 0xb8, 0xdb, 0x03
890 static int test_EC_priv_pub(void)
892 OSSL_PARAM_BLD
*bld
= NULL
;
893 OSSL_PARAM
*params
= NULL
;
894 EVP_PKEY
*just_params
= NULL
;
895 EVP_PKEY
*params_and_priv
= NULL
;
896 EVP_PKEY
*params_and_pub
= NULL
;
897 EVP_PKEY
*params_and_keypair
= NULL
;
900 unsigned char *encoded
= NULL
;
903 * Setup the parameters for our pkey object. For our purposes they don't
904 * have to actually be *valid* parameters. We just need to set something.
906 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
909 /* Test !priv and !pub */
910 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
911 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
912 OSSL_PKEY_PARAM_GROUP_NAME
,
915 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
916 || !TEST_ptr(just_params
= make_key_fromdata("EC", params
)))
919 OSSL_PARAM_free(params
);
920 OSSL_PARAM_BLD_free(bld
);
924 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
925 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
928 /* Test priv and !pub */
929 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
930 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
931 OSSL_PKEY_PARAM_GROUP_NAME
,
933 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
936 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
937 || !TEST_ptr(params_and_priv
= make_key_fromdata("EC", params
)))
940 OSSL_PARAM_free(params
);
941 OSSL_PARAM_BLD_free(bld
);
946 * We indicate only parameters here, in spite of having built a key that
947 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
948 * expected to fail because it does not support exporting a private EC
949 * key without a corresponding public key
951 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
952 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
955 /* Test !priv and pub */
956 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
957 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
958 OSSL_PKEY_PARAM_GROUP_NAME
,
960 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
961 OSSL_PKEY_PARAM_PUB_KEY
,
962 ec_pub
, sizeof(ec_pub
))))
964 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
965 || !TEST_ptr(params_and_pub
= make_key_fromdata("EC", params
)))
968 OSSL_PARAM_free(params
);
969 OSSL_PARAM_BLD_free(bld
);
973 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
974 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
977 /* Test priv and pub */
978 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
979 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
980 OSSL_PKEY_PARAM_GROUP_NAME
,
982 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
983 OSSL_PKEY_PARAM_PUB_KEY
,
984 ec_pub
, sizeof(ec_pub
)))
985 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
988 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
989 || !TEST_ptr(params_and_keypair
= make_key_fromdata("EC", params
)))
992 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
995 /* Try key equality */
996 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, just_params
), 0)
997 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_pub
),
999 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_priv
),
1001 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_keypair
),
1003 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub
, params_and_pub
), 0)
1004 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv
, params_and_priv
), 0)
1005 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_pub
), 0)
1006 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_priv
), 0))
1009 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1010 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub
, &encoded
), 0))
1012 OPENSSL_free(encoded
);
1014 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params
, &encoded
), 0)) {
1015 OPENSSL_free(encoded
);
1022 OSSL_PARAM_free(params
);
1023 OSSL_PARAM_BLD_free(bld
);
1024 EVP_PKEY_free(just_params
);
1025 EVP_PKEY_free(params_and_priv
);
1026 EVP_PKEY_free(params_and_pub
);
1027 EVP_PKEY_free(params_and_keypair
);
1033 /* Test that using a legacy EC key with only a private key in it works */
1034 # ifndef OPENSSL_NO_DEPRECATED_3_0
1035 static int test_EC_priv_only_legacy(void)
1037 BIGNUM
*priv
= NULL
;
1039 EC_KEY
*eckey
= NULL
;
1040 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
1041 EVP_MD_CTX
*ctx
= NULL
;
1043 /* Create the low level EC_KEY */
1044 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1047 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
1048 if (!TEST_ptr(eckey
))
1051 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
1054 pkey
= EVP_PKEY_new();
1055 if (!TEST_ptr(pkey
))
1058 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1062 while (dup_pk
== NULL
) {
1064 ctx
= EVP_MD_CTX_new();
1069 * The EVP_DigestSignInit function should create the key on the
1070 * provider side which is sufficient for this test.
1072 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
1073 testpropq
, pkey
, NULL
)))
1075 EVP_MD_CTX_free(ctx
);
1078 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
1080 /* EVP_PKEY_eq() returns -2 with missing public keys */
1081 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1082 EVP_PKEY_free(pkey
);
1089 EVP_MD_CTX_free(ctx
);
1090 EVP_PKEY_free(pkey
);
1096 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1097 #endif /* OPENSSL_NO_EC */
1099 static int test_EVP_PKEY_sign(int tst
)
1102 EVP_PKEY
*pkey
= NULL
;
1103 unsigned char *sig
= NULL
;
1104 size_t sig_len
= 0, shortsig_len
= 1;
1105 EVP_PKEY_CTX
*ctx
= NULL
;
1106 unsigned char tbs
[] = {
1107 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1108 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1112 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1114 } else if (tst
== 1) {
1115 #ifndef OPENSSL_NO_DSA
1116 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1123 #ifndef OPENSSL_NO_EC
1124 if (!TEST_ptr(pkey
= load_example_ec_key()))
1132 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1134 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1135 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1138 sig
= OPENSSL_malloc(sig_len
);
1140 /* Test sending a signature buffer that is too short is rejected */
1141 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1143 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1145 /* Test the signature round-trips */
1146 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1147 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1153 EVP_PKEY_CTX_free(ctx
);
1155 EVP_PKEY_free(pkey
);
1160 * n = 0 => test using legacy cipher
1161 * n = 1 => test using fetched cipher
1163 static int test_EVP_Enveloped(int n
)
1166 EVP_CIPHER_CTX
*ctx
= NULL
;
1167 EVP_PKEY
*keypair
= NULL
;
1168 unsigned char *kek
= NULL
;
1169 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1170 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1171 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1172 unsigned char ciphertext
[32], plaintext
[16];
1173 EVP_CIPHER
*type
= NULL
;
1175 if (nullprov
!= NULL
)
1176 return TEST_skip("Test does not support a non-default library context");
1179 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1180 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1184 if (!TEST_ptr(keypair
= load_example_rsa_key())
1185 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1186 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1187 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1189 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1191 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1195 ciphertext_len
+= len
;
1197 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1198 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1199 ciphertext
, ciphertext_len
))
1200 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1203 plaintext_len
+= len
;
1204 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1210 EVP_CIPHER_free(type
);
1212 EVP_PKEY_free(keypair
);
1213 EVP_CIPHER_CTX_free(ctx
);
1218 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1219 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1220 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1221 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1222 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1223 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1224 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1225 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1226 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1227 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1228 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1229 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1230 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1231 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1232 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1233 * Test 15-29: Same as above with reinitialization
1235 static int test_EVP_DigestSignInit(int tst
)
1238 EVP_PKEY
*pkey
= NULL
;
1239 unsigned char *sig
= NULL
, *sig2
= NULL
;
1240 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1241 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1242 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1243 BIO
*mdbio
= NULL
, *membio
= NULL
;
1246 EVP_MD
*mdexp
= NULL
;
1249 if (nullprov
!= NULL
)
1250 return TEST_skip("Test does not support a non-default library context");
1257 if (tst
>= 6 && tst
<= 8) {
1258 membio
= BIO_new(BIO_s_mem());
1259 mdbio
= BIO_new(BIO_f_md());
1260 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1262 BIO_push(mdbio
, membio
);
1263 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1266 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1267 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1272 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1274 } else if (tst
% 3 == 1) {
1275 #ifndef OPENSSL_NO_DSA
1276 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1283 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1287 if (tst
>= 3 && tst
<= 5)
1288 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1292 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1295 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1298 if (tst
>= 6 && tst
<= 8) {
1299 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1301 } else if (tst
< 6) {
1302 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1307 /* Determine the size of the signature. */
1308 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1310 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1313 /* Test that supply a short sig buffer fails */
1314 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1318 * We end here because once EVP_DigestSign() has failed you should
1319 * not call it again without re-initing the ctx
1324 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1328 /* Determine the size of the signature. */
1329 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1330 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1332 * Trying to create a signature with a deliberately short
1333 * buffer should fail.
1335 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1336 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1341 * Ensure that the signature round-trips (Verification isn't supported for
1342 * HMAC via EVP_DigestVerify*)
1345 if (tst
>= 6 && tst
<= 8) {
1346 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1347 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1351 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1355 if (tst
>= 6 && tst
<= 8) {
1356 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1359 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1363 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1366 /* Multiple calls to EVP_DigestVerifyFinal should work */
1367 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1371 * For HMAC a doubled call to DigestSignFinal should produce the same
1372 * value as finalization should not happen.
1374 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1375 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1376 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1379 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1388 EVP_MD_CTX_free(a_md_ctx
);
1389 EVP_MD_CTX_free(a_md_ctx_verify
);
1390 EVP_PKEY_free(pkey
);
1398 static int test_EVP_DigestVerifyInit(void)
1401 EVP_PKEY
*pkey
= NULL
;
1402 EVP_MD_CTX
*md_ctx
= NULL
;
1404 if (nullprov
!= NULL
)
1405 return TEST_skip("Test does not support a non-default library context");
1407 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1408 || !TEST_ptr(pkey
= load_example_rsa_key()))
1411 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1412 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1413 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1414 sizeof(kSignature
)), 0))
1417 /* test with reinitialization */
1418 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1419 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1420 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1421 sizeof(kSignature
)), 0))
1426 EVP_MD_CTX_free(md_ctx
);
1427 EVP_PKEY_free(pkey
);
1431 #ifndef OPENSSL_NO_SIPHASH
1432 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1433 static int test_siphash_digestsign(void)
1435 unsigned char key
[16];
1436 unsigned char buf
[8], digest
[8];
1437 unsigned char expected
[8] = {
1438 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1440 EVP_PKEY
*pkey
= NULL
;
1441 EVP_MD_CTX
*mdctx
= NULL
;
1442 EVP_PKEY_CTX
*ctx
= NULL
;
1446 if (nullprov
!= NULL
)
1447 return TEST_skip("Test does not support a non-default library context");
1451 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1455 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1458 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1460 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1461 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1465 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1467 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1469 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1471 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1476 EVP_PKEY_free(pkey
);
1477 EVP_MD_CTX_free(mdctx
);
1483 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1485 static int test_EVP_Digest(void)
1488 EVP_MD_CTX
*md_ctx
= NULL
;
1489 unsigned char md
[EVP_MAX_MD_SIZE
];
1490 EVP_MD
*sha256
= NULL
;
1491 EVP_MD
*shake256
= NULL
;
1493 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1496 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1497 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1500 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1501 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1502 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1503 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1504 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1507 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1508 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1509 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1510 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1511 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1513 * EVP_DigestInit_ex with NULL type should work on
1514 * pre-initialized context.
1516 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1519 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1520 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1521 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1522 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1523 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1524 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1529 EVP_MD_CTX_free(md_ctx
);
1530 EVP_MD_free(sha256
);
1531 EVP_MD_free(shake256
);
1535 static int test_EVP_md_null(void)
1538 EVP_MD_CTX
*md_ctx
= NULL
;
1539 const EVP_MD
*md_null
= EVP_md_null();
1540 unsigned char md_value
[EVP_MAX_MD_SIZE
];
1541 unsigned int md_len
= sizeof(md_value
);
1543 if (nullprov
!= NULL
)
1544 return TEST_skip("Test does not support a non-default library context");
1546 if (!TEST_ptr(md_null
)
1547 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1550 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, md_null
, NULL
))
1551 || !TEST_true(EVP_DigestUpdate(md_ctx
, "test", 4))
1552 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md_value
, &md_len
)))
1555 if (!TEST_uint_eq(md_len
, 0))
1560 EVP_MD_CTX_free(md_ctx
);
1564 static int test_d2i_AutoPrivateKey(int i
)
1567 const unsigned char *p
;
1568 EVP_PKEY
*pkey
= NULL
;
1569 const APK_DATA
*ak
= &keydata
[i
];
1570 const unsigned char *input
= ak
->kder
;
1571 size_t input_len
= ak
->size
;
1572 int expected_id
= ak
->evptype
;
1575 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1576 || !TEST_ptr_eq(p
, input
+ input_len
)
1577 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1583 EVP_PKEY_free(pkey
);
1587 #ifndef OPENSSL_NO_EC
1589 static const unsigned char ec_public_sect163k1_validxy
[] = {
1590 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1591 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1592 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1593 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1594 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1595 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1598 static const unsigned char ec_public_sect163k1_badx
[] = {
1599 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1600 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1601 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1602 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1603 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1604 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1607 static const unsigned char ec_public_sect163k1_bady
[] = {
1608 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1609 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1610 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1611 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1612 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1613 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1616 static struct ec_der_pub_keys_st
{
1617 const unsigned char *der
;
1620 } ec_der_pub_keys
[] = {
1621 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1622 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1623 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1627 * Tests the range of the decoded EC char2 public point.
1628 * See ec_GF2m_simple_oct2point().
1630 static int test_invalide_ec_char2_pub_range_decode(int id
)
1635 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1636 ec_der_pub_keys
[id
].len
);
1638 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1639 || TEST_ptr_null(pkey
);
1640 EVP_PKEY_free(pkey
);
1644 /* Tests loading a bad key in PKCS8 format */
1645 static int test_EVP_PKCS82PKEY(void)
1648 const unsigned char *derp
= kExampleBadECKeyDER
;
1649 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1650 EVP_PKEY
*pkey
= NULL
;
1652 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1653 sizeof(kExampleBadECKeyDER
))))
1656 if (!TEST_ptr_eq(derp
,
1657 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1660 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1666 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1667 EVP_PKEY_free(pkey
);
1673 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1675 EVP_PKEY
*pkey
= NULL
;
1676 EVP_PKEY
*pkey2
= NULL
;
1678 char *membuf
= NULL
;
1679 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1682 if (testctx
!= NULL
)
1683 /* test not supported with non-default context */
1686 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1687 || !TEST_ptr(pkey
= load_example_rsa_key())
1688 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1689 NULL
, 0, NULL
, NULL
),
1691 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1692 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1693 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1694 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1700 EVP_PKEY_free(pkey
);
1701 EVP_PKEY_free(pkey2
);
1702 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1703 BIO_free_all(membio
);
1707 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1708 static int test_privatekey_to_pkcs8(void)
1710 EVP_PKEY
*pkey
= NULL
;
1712 char *membuf
= NULL
;
1713 long membuf_len
= 0;
1716 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1717 || !TEST_ptr(pkey
= load_example_rsa_key())
1718 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1719 NULL
, 0, NULL
, NULL
),
1721 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1722 || !TEST_ptr(membuf
)
1723 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1724 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1726 * We try to write PEM as well, just to see that it doesn't err, but
1727 * assume that the result is correct.
1729 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1730 NULL
, 0, NULL
, NULL
),
1736 EVP_PKEY_free(pkey
);
1737 BIO_free_all(membio
);
1741 #ifndef OPENSSL_NO_EC
1742 static const struct {
1744 const char *encoding_name
;
1745 } ec_encodings
[] = {
1746 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1747 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1750 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1752 const OSSL_PARAM
*p
;
1753 const char *enc_name
= NULL
;
1759 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1760 OSSL_PKEY_PARAM_EC_ENCODING
))
1761 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1764 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1765 if (OPENSSL_strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1766 *enc
= ec_encodings
[i
].encoding
;
1771 return (*enc
!= -1);
1774 static int test_EC_keygen_with_enc(int idx
)
1776 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1777 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1781 enc
= ec_encodings
[idx
].encoding
;
1783 /* Create key parameters */
1784 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1785 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
1786 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"), 0)
1787 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
), 0)
1788 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1789 || !TEST_ptr(params
))
1793 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1794 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1795 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1799 /* Check that the encoding got all the way into the key */
1800 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1801 ec_export_get_encoding_cb
, &enc
))
1802 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1808 EVP_PKEY_free(params
);
1809 EVP_PKEY_CTX_free(kctx
);
1810 EVP_PKEY_CTX_free(pctx
);
1815 #if !defined(OPENSSL_NO_SM2)
1817 static int test_EVP_SM2_verify(void)
1819 const char *pubkey
=
1820 "-----BEGIN PUBLIC KEY-----\n"
1821 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1822 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1823 "-----END PUBLIC KEY-----\n";
1825 const char *msg
= "message digest";
1826 const char *id
= "ALICE123@YAHOO.COM";
1828 const uint8_t signature
[] = {
1829 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1830 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1831 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1832 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1833 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1834 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1835 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1840 EVP_PKEY
*pkey
= NULL
;
1841 EVP_MD_CTX
*mctx
= NULL
;
1842 EVP_PKEY_CTX
*pctx
= NULL
;
1845 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1846 if (!TEST_true(bio
!= NULL
))
1849 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1850 if (!TEST_true(pkey
!= NULL
))
1853 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1856 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1859 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1862 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1864 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1867 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1870 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1873 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1876 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
)), 0))
1882 EVP_PKEY_free(pkey
);
1883 EVP_PKEY_CTX_free(pctx
);
1884 EVP_MD_CTX_free(mctx
);
1889 static int test_EVP_SM2(void)
1892 EVP_PKEY
*pkey
= NULL
;
1893 EVP_PKEY
*pkeyparams
= NULL
;
1894 EVP_PKEY_CTX
*pctx
= NULL
;
1895 EVP_PKEY_CTX
*kctx
= NULL
;
1896 EVP_PKEY_CTX
*sctx
= NULL
;
1898 unsigned char *sig
= NULL
;
1899 EVP_MD_CTX
*md_ctx
= NULL
;
1900 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1901 EVP_PKEY_CTX
*cctx
= NULL
;
1902 EVP_MD
*check_md
= NULL
;
1904 uint8_t ciphertext
[128];
1905 size_t ctext_len
= sizeof(ciphertext
);
1907 uint8_t plaintext
[8];
1908 size_t ptext_len
= sizeof(plaintext
);
1910 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1912 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1913 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1915 char mdname
[OSSL_MAX_NAME_SIZE
];
1917 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1921 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1924 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
), 0))
1927 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1930 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1931 pkeyparams
, testpropq
)))
1934 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0))
1937 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1940 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1943 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1946 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1949 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1950 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1952 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1955 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1958 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1961 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1964 /* Determine the size of the signature. */
1965 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1968 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1971 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1974 /* Ensure that the signature round-trips. */
1976 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1980 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1983 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1986 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1990 * Try verify again with non-matching 0 length id but ensure that it can
1991 * be set on the context and overrides the previous value.
1994 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1998 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, NULL
, 0), 0))
2001 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
2004 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
2007 /* now check encryption/decryption */
2009 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
2010 mdname
, sizeof(mdname
));
2011 for (i
= 0; i
< 2; i
++) {
2012 const char *mdnames
[] = {
2013 #ifndef OPENSSL_NO_SM3
2019 EVP_PKEY_CTX_free(cctx
);
2021 if (mdnames
[i
] == NULL
)
2025 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
2026 (char *)mdnames
[i
], 0);
2028 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
2032 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
2035 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2038 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
2042 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
2045 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2048 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
2052 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
2056 * Test we're still using the digest we think we are.
2057 * Because of aliases, the easiest is to fetch the digest and
2058 * check the name with EVP_MD_is_a().
2060 EVP_MD_free(check_md
);
2061 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
2063 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
2064 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
2068 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
2071 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
2077 EVP_PKEY_CTX_free(pctx
);
2078 EVP_PKEY_CTX_free(kctx
);
2079 EVP_PKEY_CTX_free(sctx
);
2080 EVP_PKEY_CTX_free(cctx
);
2081 EVP_PKEY_free(pkey
);
2082 EVP_PKEY_free(pkeyparams
);
2083 EVP_MD_CTX_free(md_ctx
);
2084 EVP_MD_CTX_free(md_ctx_verify
);
2085 EVP_MD_free(check_md
);
2092 static struct keys_st
{
2098 EVP_PKEY_HMAC
, "0123456789", NULL
2101 EVP_PKEY_HMAC
, "", NULL
2102 #ifndef OPENSSL_NO_POLY1305
2104 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
2106 #ifndef OPENSSL_NO_SIPHASH
2108 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
2111 #ifndef OPENSSL_NO_EC
2113 EVP_PKEY_X25519
, "01234567890123456789012345678901",
2114 "abcdefghijklmnopqrstuvwxyzabcdef"
2116 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
2117 "abcdefghijklmnopqrstuvwxyzabcdef"
2120 "01234567890123456789012345678901234567890123456789012345",
2121 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2124 "012345678901234567890123456789012345678901234567890123456",
2125 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2130 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
2133 unsigned char buf
[80];
2135 size_t inlen
, len
= 0, shortlen
= 1;
2138 /* Check if this algorithm supports public keys */
2139 if (pub
&& keys
[tst
].pub
== NULL
)
2142 memset(buf
, 0, sizeof(buf
));
2145 #ifndef OPENSSL_NO_EC
2146 inlen
= strlen(keys
[tst
].pub
);
2147 in
= (unsigned char *)keys
[tst
].pub
;
2149 pkey
= EVP_PKEY_new_raw_public_key_ex(
2151 OBJ_nid2sn(keys
[tst
].type
),
2156 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2165 inlen
= strlen(keys
[tst
].priv
);
2166 in
= (unsigned char *)keys
[tst
].priv
;
2168 pkey
= EVP_PKEY_new_raw_private_key_ex(
2169 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2174 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2182 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2183 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2184 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2185 || !TEST_true(len
== inlen
))
2189 * Test that supplying a buffer that is too small fails. Doesn't apply
2190 * to HMAC with a zero length key
2192 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2194 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2198 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2199 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2200 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2205 EVP_PKEY_free(pkey
);
2209 static int test_set_get_raw_keys(int tst
)
2211 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2212 && test_set_get_raw_keys_int(tst
, 0, 1)
2213 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2214 && test_set_get_raw_keys_int(tst
, 1, 1);
2217 #ifndef OPENSSL_NO_DEPRECATED_3_0
2218 static int pkey_custom_check(EVP_PKEY
*pkey
)
2223 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2228 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2233 static EVP_PKEY_METHOD
*custom_pmeth
;
2236 static int test_EVP_PKEY_check(int i
)
2239 EVP_PKEY
*pkey
= NULL
;
2240 EVP_PKEY_CTX
*ctx
= NULL
;
2241 #ifndef OPENSSL_NO_DEPRECATED_3_0
2242 EVP_PKEY_CTX
*ctx2
= NULL
;
2244 const APK_DATA
*ak
= &keycheckdata
[i
];
2245 const unsigned char *input
= ak
->kder
;
2246 size_t input_len
= ak
->size
;
2247 int expected_id
= ak
->evptype
;
2248 int expected_check
= ak
->check
;
2249 int expected_pub_check
= ak
->pub_check
;
2250 int expected_param_check
= ak
->param_check
;
2251 int type
= ak
->type
;
2253 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2256 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2259 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2262 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2265 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2268 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2271 #ifndef OPENSSL_NO_DEPRECATED_3_0
2272 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2273 /* assign the pkey directly, as an internal test */
2274 EVP_PKEY_up_ref(pkey
);
2277 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2280 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2283 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2290 EVP_PKEY_CTX_free(ctx
);
2291 #ifndef OPENSSL_NO_DEPRECATED_3_0
2292 EVP_PKEY_CTX_free(ctx2
);
2294 EVP_PKEY_free(pkey
);
2298 #ifndef OPENSSL_NO_CMAC
2299 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2301 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2302 const char msg
[] = "Hello World";
2303 size_t maclen
= AES_BLOCK_SIZE
;
2306 if (!TEST_ptr(mdctx
)
2307 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2308 testpropq
, pkey
, NULL
))
2309 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2310 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2311 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2314 EVP_MD_CTX_free(mdctx
);
2318 static int test_CMAC_keygen(void)
2320 static unsigned char key
[] = {
2321 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2322 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2323 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2325 EVP_PKEY_CTX
*kctx
= NULL
;
2327 EVP_PKEY
*pkey
= NULL
;
2328 unsigned char mac
[AES_BLOCK_SIZE
];
2329 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2330 unsigned char mac2
[AES_BLOCK_SIZE
];
2333 if (nullprov
!= NULL
)
2334 return TEST_skip("Test does not support a non-default library context");
2337 * This is a legacy method for CMACs, but should still work.
2338 * This verifies that it works without an ENGINE.
2340 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2342 /* Test a CMAC key created using the "generated" method */
2343 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2345 EVP_PKEY_CTRL_CIPHER
,
2346 0, (void *)EVP_aes_256_ecb()), 0)
2347 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2348 EVP_PKEY_CTRL_SET_MAC_KEY
,
2349 sizeof(key
), (void *)key
), 0)
2350 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2352 || !TEST_true(get_cmac_val(pkey
, mac
)))
2355 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2356 EVP_PKEY_free(pkey
);
2359 * Test a CMAC key using the direct method, and compare with the mac
2362 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2364 || !TEST_true(get_cmac_val(pkey
, mac2
))
2365 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2372 EVP_PKEY_free(pkey
);
2373 EVP_PKEY_CTX_free(kctx
);
2378 static int test_HKDF(void)
2381 unsigned char out
[20];
2384 unsigned char salt
[] = "0123456789";
2385 unsigned char key
[] = "012345678901234567890123456789";
2386 unsigned char info
[] = "infostring";
2387 const unsigned char expected
[] = {
2388 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2389 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2391 size_t expectedlen
= sizeof(expected
);
2393 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2396 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2397 for (i
= 0; i
< 2; i
++) {
2398 outlen
= sizeof(out
);
2399 memset(out
, 0, outlen
);
2401 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2402 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2404 sizeof(salt
) - 1), 0)
2405 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2406 sizeof(key
) - 1), 0)
2407 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2408 sizeof(info
) - 1), 0)
2409 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2410 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2417 EVP_PKEY_CTX_free(pctx
);
2422 static int test_emptyikm_HKDF(void)
2425 unsigned char out
[20];
2428 unsigned char salt
[] = "9876543210";
2429 unsigned char key
[] = "";
2430 unsigned char info
[] = "stringinfo";
2431 const unsigned char expected
[] = {
2432 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2433 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2435 size_t expectedlen
= sizeof(expected
);
2437 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2440 outlen
= sizeof(out
);
2441 memset(out
, 0, outlen
);
2443 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2444 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2445 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2446 sizeof(salt
) - 1), 0)
2447 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2448 sizeof(key
) - 1), 0)
2449 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2450 sizeof(info
) - 1), 0)
2451 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2452 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2458 EVP_PKEY_CTX_free(pctx
);
2463 #ifndef OPENSSL_NO_EC
2464 static int test_X509_PUBKEY_inplace(void)
2467 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2468 const unsigned char *p
= kExampleECPubKeyDER
;
2469 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2473 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2476 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2479 p
= kExampleBadECPubKeyDER
;
2480 input_len
= sizeof(kExampleBadECPubKeyDER
);
2482 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2485 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2491 X509_PUBKEY_free(xp
);
2495 static int test_X509_PUBKEY_dup(void)
2498 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2499 const unsigned char *p
= kExampleECPubKeyDER
;
2500 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2502 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2504 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2505 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2506 || !TEST_ptr_ne(xp
, xq
))
2509 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2510 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2511 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2514 X509_PUBKEY_free(xq
);
2516 p
= kExampleBadECPubKeyDER
;
2517 input_len
= sizeof(kExampleBadECPubKeyDER
);
2519 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2520 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2523 X509_PUBKEY_free(xp
);
2525 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2531 X509_PUBKEY_free(xp
);
2532 X509_PUBKEY_free(xq
);
2535 #endif /* OPENSSL_NO_EC */
2537 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2538 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2540 EVP_MD_CTX
*mdctx
= NULL
;
2541 EVP_PKEY_CTX
*ctx
= NULL
;
2542 const OSSL_PARAM
*params
;
2543 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2546 char mdname
[OSSL_MAX_NAME_SIZE
];
2549 /* Initialise a sign operation */
2550 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2552 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2556 * We should be able to query the parameters now.
2558 params
= EVP_PKEY_CTX_settable_params(ctx
);
2559 if (!TEST_ptr(params
)
2560 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2561 OSSL_SIGNATURE_PARAM_DIGEST
)))
2564 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2565 if (!TEST_ptr(params
)
2566 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2567 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2568 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2569 OSSL_SIGNATURE_PARAM_DIGEST
)))
2573 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2574 * EVP_PKEY_CTX_get_params()
2576 strcpy(mdname
, "SHA512");
2578 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2580 *param
++ = OSSL_PARAM_construct_end();
2582 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2586 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2587 mdname
, sizeof(mdname
));
2588 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2589 || !TEST_str_eq(mdname
, "SHA512"))
2593 * Test the TEST_PKEY_CTX_set_signature_md() and
2594 * TEST_PKEY_CTX_get_signature_md() functions
2596 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2597 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2598 || !TEST_ptr_eq(md
, EVP_sha256()))
2602 * Test getting MD parameters via an associated EVP_PKEY_CTX
2604 mdctx
= EVP_MD_CTX_new();
2605 if (!TEST_ptr(mdctx
)
2606 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2611 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2612 * able to obtain the digest's settable parameters from the provider.
2614 params
= EVP_MD_CTX_settable_params(mdctx
);
2615 if (!TEST_ptr(params
)
2616 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2617 /* The final key should be NULL */
2618 || !TEST_ptr_null(params
[1].key
))
2622 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2623 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2624 ssl3ms
, sizeof(ssl3ms
));
2625 *param
++ = OSSL_PARAM_construct_end();
2627 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2633 EVP_MD_CTX_free(mdctx
);
2634 EVP_PKEY_CTX_free(ctx
);
2639 #ifndef OPENSSL_NO_DSA
2640 static int test_DSA_get_set_params(void)
2642 OSSL_PARAM_BLD
*bld
= NULL
;
2643 OSSL_PARAM
*params
= NULL
;
2644 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2645 EVP_PKEY_CTX
*pctx
= NULL
;
2646 EVP_PKEY
*pkey
= NULL
;
2650 * Setup the parameters for our DSA object. For our purposes they don't
2651 * have to actually be *valid* parameters. We just need to set something.
2653 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2654 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2655 || !TEST_ptr(p
= BN_new())
2656 || !TEST_ptr(q
= BN_new())
2657 || !TEST_ptr(g
= BN_new())
2658 || !TEST_ptr(pub
= BN_new())
2659 || !TEST_ptr(priv
= BN_new()))
2661 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2662 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2663 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2664 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2666 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2669 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2672 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2673 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2677 if (!TEST_ptr(pkey
))
2680 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2683 EVP_PKEY_free(pkey
);
2684 EVP_PKEY_CTX_free(pctx
);
2685 OSSL_PARAM_free(params
);
2686 OSSL_PARAM_BLD_free(bld
);
2697 * Test combinations of private, public, missing and private + public key
2698 * params to ensure they are all accepted
2700 static int test_DSA_priv_pub(void)
2702 return test_EVP_PKEY_ffc_priv_pub("DSA");
2705 #endif /* !OPENSSL_NO_DSA */
2707 static int test_RSA_get_set_params(void)
2709 OSSL_PARAM_BLD
*bld
= NULL
;
2710 OSSL_PARAM
*params
= NULL
;
2711 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2712 EVP_PKEY_CTX
*pctx
= NULL
;
2713 EVP_PKEY
*pkey
= NULL
;
2717 * Setup the parameters for our RSA object. For our purposes they don't
2718 * have to actually be *valid* parameters. We just need to set something.
2720 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2721 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2722 || !TEST_ptr(n
= BN_new())
2723 || !TEST_ptr(e
= BN_new())
2724 || !TEST_ptr(d
= BN_new()))
2726 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2727 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2728 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2730 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2733 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2734 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2738 if (!TEST_ptr(pkey
))
2741 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2744 EVP_PKEY_free(pkey
);
2745 EVP_PKEY_CTX_free(pctx
);
2746 OSSL_PARAM_free(params
);
2747 OSSL_PARAM_BLD_free(bld
);
2755 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2756 static int test_decrypt_null_chunks(void)
2758 EVP_CIPHER_CTX
* ctx
= NULL
;
2759 EVP_CIPHER
*cipher
= NULL
;
2760 const unsigned char key
[32] = {
2761 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2762 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2763 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2765 unsigned char iv
[12] = {
2766 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2768 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2769 unsigned char ciphertext
[80];
2770 unsigned char plaintext
[80];
2771 /* We initialise tmp to a non zero value on purpose */
2772 int ctlen
, ptlen
, tmp
= 99;
2774 const int enc_offset
= 10, dec_offset
= 20;
2776 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2777 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2778 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2780 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2782 /* Deliberate add a zero length update */
2783 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2785 || !TEST_int_eq(tmp
, 0)
2786 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2788 sizeof(msg
) - enc_offset
))
2789 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2790 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2791 || !TEST_int_eq(tmp
, 0))
2794 /* Deliberately initialise tmp to a non zero value */
2796 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2797 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2800 * Deliberately add a zero length update. We also deliberately do
2801 * this at a different offset than for encryption.
2803 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2805 || !TEST_int_eq(tmp
, 0)
2806 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2807 ciphertext
+ dec_offset
,
2808 ctlen
- dec_offset
))
2809 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2810 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2811 || !TEST_int_eq(tmp
, 0)
2812 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2817 EVP_CIPHER_CTX_free(ctx
);
2818 EVP_CIPHER_free(cipher
);
2821 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2823 #ifndef OPENSSL_NO_DH
2825 * Test combinations of private, public, missing and private + public key
2826 * params to ensure they are all accepted
2828 static int test_DH_priv_pub(void)
2830 return test_EVP_PKEY_ffc_priv_pub("DH");
2833 # ifndef OPENSSL_NO_DEPRECATED_3_0
2834 static int test_EVP_PKEY_set1_DH(void)
2836 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2837 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2839 BIGNUM
*p
, *g
= NULL
;
2840 BIGNUM
*pubkey
= NULL
;
2841 unsigned char pub
[2048 / 8];
2844 if (!TEST_ptr(p
= BN_new())
2845 || !TEST_ptr(g
= BN_new())
2846 || !TEST_ptr(pubkey
= BN_new())
2847 || !TEST_true(BN_set_word(p
, 9999))
2848 || !TEST_true(BN_set_word(g
, 2))
2849 || !TEST_true(BN_set_word(pubkey
, 4321))
2850 || !TEST_ptr(noqdh
= DH_new())
2851 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2852 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2853 || !TEST_ptr(pubkey
= BN_new())
2854 || !TEST_true(BN_set_word(pubkey
, 4321)))
2858 x942dh
= DH_get_2048_256();
2859 pkey1
= EVP_PKEY_new();
2860 pkey2
= EVP_PKEY_new();
2861 if (!TEST_ptr(x942dh
)
2865 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2869 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2870 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2873 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2875 || !TEST_ptr(pubkey
))
2878 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2879 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2882 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2883 OSSL_PKEY_PARAM_PUB_KEY
,
2884 pub
, sizeof(pub
), &len
))
2885 || !TEST_size_t_ne(len
, 0))
2893 EVP_PKEY_free(pkey1
);
2894 EVP_PKEY_free(pkey2
);
2900 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2901 #endif /* !OPENSSL_NO_DH */
2904 * We test what happens with an empty template. For the sake of this test,
2905 * the template must be ignored, and we know that's the case for RSA keys
2906 * (this might arguably be a misfeature, but that's what we currently do,
2907 * even in provider code, since that's how the legacy RSA implementation
2910 static int test_keygen_with_empty_template(int n
)
2912 EVP_PKEY_CTX
*ctx
= NULL
;
2913 EVP_PKEY
*pkey
= NULL
;
2914 EVP_PKEY
*tkey
= NULL
;
2917 if (nullprov
!= NULL
)
2918 return TEST_skip("Test does not support a non-default library context");
2922 /* We do test with no template at all as well */
2923 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2927 /* Here we create an empty RSA key that serves as our template */
2928 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2929 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2930 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2935 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2936 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2941 EVP_PKEY_CTX_free(ctx
);
2942 EVP_PKEY_free(pkey
);
2943 EVP_PKEY_free(tkey
);
2948 * Test that we fail if we attempt to use an algorithm that is not available
2949 * in the current library context (unless we are using an algorithm that
2950 * should be made available via legacy codepaths).
2955 static int test_pkey_ctx_fail_without_provider(int tst
)
2957 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2958 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2959 EVP_PKEY_CTX
*pctx
= NULL
;
2960 const char *keytype
= NULL
;
2961 int expect_null
= 0;
2964 if (!TEST_ptr(tmpctx
))
2967 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2968 if (!TEST_ptr(tmpnullprov
))
2972 * We check for certain algos in the null provider.
2973 * If an algo is expected to have a provider keymgmt, constructing an
2974 * EVP_PKEY_CTX is expected to fail (return NULL).
2975 * Otherwise, if it's expected to have legacy support, constructing an
2976 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2986 #ifdef OPENSSL_NO_EC
2987 TEST_info("EC disable, skipping SM2 check...");
2990 #ifdef OPENSSL_NO_SM2
2991 TEST_info("SM2 disable, skipping SM2 check...");
2996 TEST_error("No test for case %d", tst
);
3000 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
3001 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
3004 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3010 EVP_PKEY_CTX_free(pctx
);
3011 OSSL_PROVIDER_unload(tmpnullprov
);
3012 OSSL_LIB_CTX_free(tmpctx
);
3016 static int test_rand_agglomeration(void)
3020 OSSL_PARAM params
[3], *p
= params
;
3022 unsigned int step
= 7;
3023 static unsigned char seed
[] = "It does not matter how slowly you go "
3024 "as long as you do not stop.";
3025 unsigned char out
[sizeof(seed
)];
3027 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
3028 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
3030 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
3031 EVP_RAND_free(rand
);
3035 memset(out
, 0, sizeof(out
));
3036 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
3037 seed
, sizeof(seed
));
3038 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
3039 *p
= OSSL_PARAM_construct_end();
3040 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
3041 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
3042 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
3043 EVP_RAND_CTX_free(ctx
);
3048 * Test that we correctly return the original or "running" IV after
3049 * an encryption operation.
3050 * Run multiple times for some different relevant algorithms/modes.
3052 static int test_evp_iv_aes(int idx
)
3055 EVP_CIPHER_CTX
*ctx
= NULL
;
3056 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3057 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3058 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
3059 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3060 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3061 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3062 9, 10, 11, 12, 13, 14, 15, 16 };
3063 unsigned char ciphertext
[32], oiv
[16], iv
[16];
3064 unsigned char *ref_iv
;
3065 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3066 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3068 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3069 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3070 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3071 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3072 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3073 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3074 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3075 #ifndef OPENSSL_NO_OCB
3076 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3077 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3079 int len
= sizeof(ciphertext
);
3080 size_t ivlen
, ref_len
;
3081 const EVP_CIPHER
*type
= NULL
;
3084 if (nullprov
!= NULL
&& idx
< 6)
3085 return TEST_skip("Test does not support a non-default library context");
3089 type
= EVP_aes_128_cbc();
3092 type
= (type
!= NULL
) ? type
:
3093 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
3095 ref_len
= sizeof(cbc_state
);
3099 type
= EVP_aes_128_ofb();
3102 type
= (type
!= NULL
) ? type
:
3103 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
3105 ref_len
= sizeof(ofb_state
);
3109 type
= EVP_aes_128_cfb();
3112 type
= (type
!= NULL
) ? type
:
3113 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
3115 ref_len
= sizeof(cfb_state
);
3119 type
= EVP_aes_128_gcm();
3122 type
= (type
!= NULL
) ? type
:
3123 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
3125 ref_len
= sizeof(gcm_state
);
3128 type
= EVP_aes_128_ccm();
3131 type
= (type
!= NULL
) ? type
:
3132 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3134 ref_len
= sizeof(ccm_state
);
3136 #ifdef OPENSSL_NO_OCB
3142 type
= EVP_aes_128_ocb();
3145 type
= (type
!= NULL
) ? type
:
3146 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3148 ref_len
= sizeof(ocb_state
);
3156 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3157 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3158 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3160 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3161 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3162 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3164 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3165 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3166 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3169 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3170 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3171 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3174 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3177 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3183 EVP_CIPHER_CTX_free(ctx
);
3185 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3189 #ifndef OPENSSL_NO_DES
3190 static int test_evp_iv_des(int idx
)
3193 EVP_CIPHER_CTX
*ctx
= NULL
;
3194 static const unsigned char key
[24] = {
3195 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3196 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3197 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3199 static const unsigned char init_iv
[8] = {
3200 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3202 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3203 9, 10, 11, 12, 13, 14, 15, 16 };
3204 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3205 unsigned const char *ref_iv
;
3206 static const unsigned char cbc_state_des
[8] = {
3207 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3209 static const unsigned char cbc_state_3des
[8] = {
3210 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3212 static const unsigned char ofb_state_des
[8] = {
3213 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3215 static const unsigned char ofb_state_3des
[8] = {
3216 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3218 static const unsigned char cfb_state_des
[8] = {
3219 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3221 static const unsigned char cfb_state_3des
[8] = {
3222 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3224 int len
= sizeof(ciphertext
);
3225 size_t ivlen
, ref_len
;
3226 EVP_CIPHER
*type
= NULL
;
3228 if (lgcyprov
== NULL
&& idx
< 3)
3229 return TEST_skip("Test requires legacy provider to be loaded");
3233 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3234 ref_iv
= cbc_state_des
;
3235 ref_len
= sizeof(cbc_state_des
);
3238 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3239 ref_iv
= ofb_state_des
;
3240 ref_len
= sizeof(ofb_state_des
);
3243 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3244 ref_iv
= cfb_state_des
;
3245 ref_len
= sizeof(cfb_state_des
);
3248 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3249 ref_iv
= cbc_state_3des
;
3250 ref_len
= sizeof(cbc_state_3des
);
3253 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3254 ref_iv
= ofb_state_3des
;
3255 ref_len
= sizeof(ofb_state_3des
);
3258 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3259 ref_iv
= cfb_state_3des
;
3260 ref_len
= sizeof(cfb_state_3des
);
3267 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3268 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3269 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3271 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3272 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3273 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3275 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3276 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3277 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3280 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3281 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3283 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3288 EVP_CIPHER_CTX_free(ctx
);
3289 EVP_CIPHER_free(type
);
3294 #ifndef OPENSSL_NO_BF
3295 static int test_evp_bf_default_keylen(int idx
)
3298 static const char *algos
[4] = {
3299 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3301 int ivlen
[4] = { 0, 8, 8, 8 };
3302 EVP_CIPHER
*cipher
= NULL
;
3304 if (lgcyprov
== NULL
)
3305 return TEST_skip("Test requires legacy provider to be loaded");
3307 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, algos
[idx
], testpropq
))
3308 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher
), 16)
3309 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher
), ivlen
[idx
]))
3314 EVP_CIPHER_free(cipher
);
3319 #ifndef OPENSSL_NO_EC
3320 static int ecpub_nids
[] = {
3321 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3322 NID_secp384r1
, NID_secp521r1
,
3323 # ifndef OPENSSL_NO_EC2M
3324 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3325 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3327 NID_brainpoolP384r1
, NID_brainpoolP512r1
3330 static int test_ecpub(int idx
)
3332 int ret
= 0, len
, savelen
;
3334 unsigned char buf
[1024];
3336 EVP_PKEY
*pkey
= NULL
;
3337 EVP_PKEY_CTX
*ctx
= NULL
;
3338 # ifndef OPENSSL_NO_DEPRECATED_3_0
3339 const unsigned char *q
;
3340 EVP_PKEY
*pkey2
= NULL
;
3344 if (nullprov
!= NULL
)
3345 return TEST_skip("Test does not support a non-default library context");
3347 nid
= ecpub_nids
[idx
];
3349 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3351 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3352 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
), 0)
3353 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3355 len
= i2d_PublicKey(pkey
, NULL
);
3357 if (!TEST_int_ge(len
, 1)
3358 || !TEST_int_lt(len
, 1024))
3361 len
= i2d_PublicKey(pkey
, &p
);
3362 if (!TEST_int_ge(len
, 1)
3363 || !TEST_int_eq(len
, savelen
))
3366 # ifndef OPENSSL_NO_DEPRECATED_3_0
3367 /* Now try to decode the just-created DER. */
3369 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3370 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3371 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3373 /* EC_KEY ownership transferred */
3375 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3377 /* The keys should match. */
3378 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3385 EVP_PKEY_CTX_free(ctx
);
3386 EVP_PKEY_free(pkey
);
3387 # ifndef OPENSSL_NO_DEPRECATED_3_0
3388 EVP_PKEY_free(pkey2
);
3395 static int test_EVP_rsa_pss_with_keygen_bits(void)
3398 EVP_PKEY_CTX
*ctx
= NULL
;
3399 EVP_PKEY
*pkey
= NULL
;
3402 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3404 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA-PSS", testpropq
)))
3405 && TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3406 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3407 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
), 0)
3408 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3411 EVP_PKEY_free(pkey
);
3412 EVP_PKEY_CTX_free(ctx
);
3416 static int test_EVP_rsa_pss_set_saltlen(void)
3419 EVP_PKEY
*pkey
= NULL
;
3420 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
3421 EVP_MD
*sha256
= NULL
;
3422 EVP_MD_CTX
*sha256_ctx
= NULL
;
3423 int saltlen
= 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3424 const int test_value
= 32;
3426 ret
= TEST_ptr(pkey
= load_example_rsa_key())
3427 && TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", NULL
))
3428 && TEST_ptr(sha256_ctx
= EVP_MD_CTX_new())
3429 && TEST_true(EVP_DigestSignInit(sha256_ctx
, &pkey_ctx
, sha256
, NULL
, pkey
))
3430 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx
, RSA_PKCS1_PSS_PADDING
))
3431 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx
, test_value
), 0)
3432 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx
, &saltlen
), 0)
3433 && TEST_int_eq(saltlen
, test_value
);
3435 EVP_MD_CTX_free(sha256_ctx
);
3436 EVP_PKEY_free(pkey
);
3437 EVP_MD_free(sha256
);
3442 static int success
= 1;
3443 static void md_names(const char *name
, void *vctx
)
3445 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3446 /* Force a namemap update */
3447 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3449 if (!TEST_ptr(aes128
))
3452 EVP_CIPHER_free(aes128
);
3456 * Test that changing the namemap in a user callback works in a names_do_all
3459 static int test_names_do_all(void)
3461 /* We use a custom libctx so that we know the state of the namemap */
3462 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3463 EVP_MD
*sha256
= NULL
;
3469 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3470 if (!TEST_ptr(sha256
))
3474 * We loop through all the names for a given digest. This should still work
3475 * even if the namemap changes part way through.
3477 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3480 if (!TEST_true(success
))
3485 EVP_MD_free(sha256
);
3486 OSSL_LIB_CTX_free(ctx
);
3492 const unsigned char *key
;
3493 const unsigned char *iv
;
3494 const unsigned char *input
;
3495 const unsigned char *expected
;
3496 const unsigned char *tag
;
3497 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3506 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3508 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3509 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3513 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3514 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3515 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3516 sizeof(gcmDefaultTag
), 1, 0, 1
3519 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3520 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3524 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3525 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3526 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3527 sizeof(gcmDefaultTag
), 0, 0, 1
3530 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3531 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3535 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3536 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3537 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3538 sizeof(gcmDefaultTag
), 1, 1, 0
3541 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3542 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3546 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3547 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3548 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3549 sizeof(gcmDefaultTag
), 0, 1, 0
3553 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3557 if (t
->ivlen
!= 0) {
3558 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
), 0))
3561 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3569 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3570 * arguments are given one at a time and a final adjustment to the enc
3571 * parameter sets the correct operation.
3573 static int test_evp_init_seq(int idx
)
3575 int outlen1
, outlen2
;
3577 unsigned char outbuf
[1024];
3578 unsigned char tag
[16];
3579 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3580 EVP_CIPHER_CTX
*ctx
= NULL
;
3581 EVP_CIPHER
*type
= NULL
;
3582 size_t taglen
= sizeof(tag
);
3583 char *errmsg
= NULL
;
3585 ctx
= EVP_CIPHER_CTX_new();
3587 errmsg
= "CTX_ALLOC";
3590 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3591 errmsg
= "CIPHER_FETCH";
3594 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3595 errmsg
= "EMPTY_ENC_INIT";
3598 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3602 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3603 errmsg
= "KEY_INIT (before iv)";
3606 if (!evp_init_seq_set_iv(ctx
, t
)) {
3610 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3611 errmsg
= "KEY_INIT (after iv)";
3614 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3615 errmsg
= "FINAL_ENC_INIT";
3618 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3619 errmsg
= "CIPHER_UPDATE";
3622 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3623 /* Set expected tag */
3624 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3625 t
->taglen
, (void *)t
->tag
), 0)) {
3630 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3631 errmsg
= "CIPHER_FINAL";
3634 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3635 errmsg
= "WRONG_RESULT";
3638 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3639 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
3643 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3644 errmsg
= "TAG_ERROR";
3651 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3652 EVP_CIPHER_CTX_free(ctx
);
3653 EVP_CIPHER_free(type
);
3658 const unsigned char *input
;
3659 const unsigned char *expected
;
3663 } EVP_RESET_TEST_st
;
3665 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3667 cfbPlaintext
, cfbCiphertext
,
3668 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3671 cfbCiphertext
, cfbPlaintext
,
3672 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3677 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3680 static int test_evp_reset(int idx
)
3682 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3683 int outlen1
, outlen2
;
3685 unsigned char outbuf
[1024];
3686 EVP_CIPHER_CTX
*ctx
= NULL
;
3687 EVP_CIPHER
*type
= NULL
;
3688 char *errmsg
= NULL
;
3690 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3691 errmsg
= "CTX_ALLOC";
3694 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3695 errmsg
= "CIPHER_FETCH";
3698 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3699 errmsg
= "CIPHER_INIT";
3702 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3706 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3707 errmsg
= "CIPHER_UPDATE";
3710 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3711 errmsg
= "CIPHER_FINAL";
3714 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3715 errmsg
= "WRONG_RESULT";
3718 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3719 errmsg
= "CIPHER_REINIT";
3722 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3723 errmsg
= "CIPHER_UPDATE (reinit)";
3726 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3727 errmsg
= "CIPHER_FINAL (reinit)";
3730 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3731 errmsg
= "WRONG_RESULT (reinit)";
3737 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3738 EVP_CIPHER_CTX_free(ctx
);
3739 EVP_CIPHER_free(type
);
3746 } EVP_UPDATED_IV_TEST_st
;
3748 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3788 * Test that the IV in the context is updated during a crypto operation for CFB
3791 static int test_evp_updated_iv(int idx
)
3793 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3794 int outlen1
, outlen2
;
3796 unsigned char outbuf
[1024];
3797 EVP_CIPHER_CTX
*ctx
= NULL
;
3798 EVP_CIPHER
*type
= NULL
;
3799 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3801 char *errmsg
= NULL
;
3803 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3804 errmsg
= "CTX_ALLOC";
3807 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3808 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3812 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3813 errmsg
= "CIPHER_INIT";
3816 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3820 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3821 errmsg
= "CIPHER_UPDATE";
3824 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3825 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3828 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3829 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3832 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3833 errmsg
= "IV_NOT_UPDATED";
3836 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3837 errmsg
= "CIPHER_FINAL";
3844 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3845 EVP_CIPHER_CTX_free(ctx
);
3846 EVP_CIPHER_free(type
);
3851 const unsigned char *iv1
;
3852 const unsigned char *iv2
;
3853 const unsigned char *expected1
;
3854 const unsigned char *expected2
;
3855 const unsigned char *tag1
;
3856 const unsigned char *tag2
;
3859 size_t expectedlen1
;
3860 size_t expectedlen2
;
3861 } TEST_GCM_IV_REINIT_st
;
3863 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3865 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3866 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3867 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3870 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3871 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3872 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3876 static int test_gcm_reinit(int idx
)
3878 int outlen1
, outlen2
, outlen3
;
3880 unsigned char outbuf
[1024];
3881 unsigned char tag
[16];
3882 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3883 EVP_CIPHER_CTX
*ctx
= NULL
;
3884 EVP_CIPHER
*type
= NULL
;
3885 size_t taglen
= sizeof(tag
);
3886 char *errmsg
= NULL
;
3888 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3889 errmsg
= "CTX_ALLOC";
3892 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3893 errmsg
= "CIPHER_FETCH";
3896 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3897 errmsg
= "ENC_INIT";
3900 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
), 0)) {
3901 errmsg
= "SET_IVLEN1";
3904 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3908 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3912 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3913 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3914 sizeof(gcmResetPlaintext
)))) {
3915 errmsg
= "CIPHER_UPDATE1";
3918 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3919 errmsg
= "CIPHER_FINAL1";
3922 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3923 errmsg
= "WRONG_RESULT1";
3926 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
3927 errmsg
= "GET_TAG1";
3930 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3931 errmsg
= "TAG_ERROR1";
3935 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
), 0)) {
3936 errmsg
= "SET_IVLEN2";
3939 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3943 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3947 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3948 sizeof(gcmResetPlaintext
)))) {
3949 errmsg
= "CIPHER_UPDATE2";
3952 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3953 errmsg
= "CIPHER_FINAL2";
3956 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3957 errmsg
= "WRONG_RESULT2";
3960 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
3961 errmsg
= "GET_TAG2";
3964 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3965 errmsg
= "TAG_ERROR2";
3971 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3972 EVP_CIPHER_CTX_free(ctx
);
3973 EVP_CIPHER_free(type
);
3977 #ifndef OPENSSL_NO_DEPRECATED_3_0
3978 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3979 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3981 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3983 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3985 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3987 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3991 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3993 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3995 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3999 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
4000 size_t *outlen
, const unsigned char *in
,
4003 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
4004 const unsigned char *tbs
, size_t tbslen
);
4006 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
4007 return psign(ctx
, out
, outlen
, in
, inlen
);
4010 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
4011 size_t *siglen
, const unsigned char *tbs
,
4014 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
4015 const unsigned char *tbs
, size_t tbslen
);
4017 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
4018 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
4021 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
4024 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
4026 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
4027 return pderive(ctx
, key
, keylen
);
4030 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
4032 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
4034 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
4035 return pcopy(dst
, src
);
4038 static int ctrl_called
;
4040 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
4042 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
4044 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
4046 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
4051 return pctrl(ctx
, type
, p1
, p2
);
4054 static int test_custom_pmeth(int idx
)
4056 EVP_PKEY_CTX
*pctx
= NULL
;
4057 EVP_MD_CTX
*ctx
= NULL
;
4058 EVP_PKEY
*pkey
= NULL
;
4059 int id
, orig_id
, orig_flags
;
4062 unsigned char *res
= NULL
;
4063 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
4064 const EVP_MD
*md
= EVP_sha256();
4069 /* We call deprecated APIs so this test doesn't support a custom libctx */
4070 if (testctx
!= NULL
)
4077 pkey
= load_example_rsa_key();
4081 # ifndef OPENSSL_NO_DSA
4083 pkey
= load_example_dsa_key();
4090 # ifndef OPENSSL_NO_EC
4092 pkey
= load_example_ec_key();
4099 # ifndef OPENSSL_NO_EC
4100 id
= EVP_PKEY_ED25519
;
4102 pkey
= load_example_ed25519_key();
4109 # ifndef OPENSSL_NO_DH
4112 pkey
= load_example_dh_key();
4119 # ifndef OPENSSL_NO_EC
4120 id
= EVP_PKEY_X25519
;
4122 pkey
= load_example_x25519_key();
4128 TEST_error("Should not happen");
4132 if (!TEST_ptr(pkey
))
4136 if (!TEST_true(evp_pkey_is_provided(pkey
)))
4139 EVP_PKEY
*tmp
= pkey
;
4141 /* Convert to a legacy key */
4142 pkey
= EVP_PKEY_new();
4143 if (!TEST_ptr(pkey
)) {
4147 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
4152 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
4156 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
4160 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
4161 if (!TEST_int_eq(orig_id
, id
)
4162 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
4165 if (id
== EVP_PKEY_ED25519
) {
4166 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
4167 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
4168 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
4170 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
4172 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
4173 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
4174 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
4175 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
4177 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
4178 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
4182 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
4184 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4185 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4186 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4188 || !TEST_int_eq(ctrl_called
, 1)
4189 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4190 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4191 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4192 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4195 ctx
= EVP_MD_CTX_new();
4196 reslen
= EVP_PKEY_size(pkey
);
4197 res
= OPENSSL_malloc(reslen
);
4200 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4201 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4202 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4204 || !TEST_int_eq(ctrl_called
, 1))
4207 if (id
== EVP_PKEY_ED25519
) {
4208 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4211 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4212 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4220 EVP_MD_CTX_free(ctx
);
4222 EVP_PKEY_CTX_free(pctx
);
4223 EVP_PKEY_free(pkey
);
4224 EVP_PKEY_meth_remove(custom_pmeth
);
4225 EVP_PKEY_meth_free(custom_pmeth
);
4226 custom_pmeth
= NULL
;
4230 static int test_evp_md_cipher_meth(void)
4232 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4233 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4236 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4242 EVP_MD_meth_free(md
);
4243 EVP_CIPHER_meth_free(ciph
);
4252 static int custom_md_init_called
= 0;
4253 static int custom_md_cleanup_called
= 0;
4255 static int custom_md_init(EVP_MD_CTX
*ctx
)
4257 custom_dgst_ctx
*p
= EVP_MD_CTX_md_data(ctx
);
4262 custom_md_init_called
++;
4266 static int custom_md_cleanup(EVP_MD_CTX
*ctx
)
4268 custom_dgst_ctx
*p
= EVP_MD_CTX_md_data(ctx
);
4274 custom_md_cleanup_called
++;
4278 static int test_custom_md_meth(void)
4280 EVP_MD_CTX
*mdctx
= NULL
;
4282 char mess
[] = "Test Message\n";
4283 unsigned char md_value
[EVP_MAX_MD_SIZE
];
4284 unsigned int md_len
;
4289 * We are testing deprecated functions. We don't support a non-default
4290 * library context in this test.
4292 if (testctx
!= NULL
)
4295 custom_md_init_called
= custom_md_cleanup_called
= 0;
4297 nid
= OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4298 if (!TEST_int_ne(nid
, NID_undef
))
4300 tmp
= EVP_MD_meth_new(nid
, NID_undef
);
4304 if (!TEST_true(EVP_MD_meth_set_init(tmp
, custom_md_init
))
4305 || !TEST_true(EVP_MD_meth_set_cleanup(tmp
, custom_md_cleanup
))
4306 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp
,
4307 sizeof(custom_dgst_ctx
))))
4310 mdctx
= EVP_MD_CTX_new();
4311 if (!TEST_ptr(mdctx
)
4313 * Initing our custom md and then initing another md should
4314 * result in the init and cleanup functions of the custom md
4315 * from being called.
4317 || !TEST_true(EVP_DigestInit_ex(mdctx
, tmp
, NULL
))
4318 || !TEST_true(EVP_DigestInit_ex(mdctx
, EVP_sha256(), NULL
))
4319 || !TEST_true(EVP_DigestUpdate(mdctx
, mess
, strlen(mess
)))
4320 || !TEST_true(EVP_DigestFinal_ex(mdctx
, md_value
, &md_len
))
4321 || !TEST_int_eq(custom_md_init_called
, 1)
4322 || !TEST_int_eq(custom_md_cleanup_called
, 1))
4327 EVP_MD_CTX_free(mdctx
);
4328 EVP_MD_meth_free(tmp
);
4332 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4333 /* Test we can create a signature keys with an associated ENGINE */
4334 static int test_signatures_with_engine(int tst
)
4337 const char *engine_id
= "dasync";
4338 EVP_PKEY
*pkey
= NULL
;
4339 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4340 const unsigned char cmackey
[] = {
4341 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4342 0x0c, 0x0d, 0x0e, 0x0f
4344 const unsigned char ed25519key
[] = {
4345 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4346 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4347 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4349 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4351 EVP_MD_CTX
*ctx
= NULL
;
4352 unsigned char *mac
= NULL
;
4356 # ifdef OPENSSL_NO_CMAC
4357 /* Skip CMAC tests in a no-cmac build */
4362 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4365 if (!TEST_true(ENGINE_init(e
))) {
4372 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4376 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4380 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4381 sizeof(ed25519key
));
4384 TEST_error("Invalid test case");
4387 if (!TEST_ptr(pkey
))
4390 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4393 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4396 if (!TEST_true(ret
))
4399 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4400 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4403 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4406 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4409 /* We used a bad key. We expect a failure here */
4410 if (!TEST_false(ret
))
4416 EVP_MD_CTX_free(ctx
);
4418 EVP_PKEY_free(pkey
);
4425 static int test_cipher_with_engine(void)
4428 const char *engine_id
= "dasync";
4429 const unsigned char keyiv
[] = {
4430 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4431 0x0c, 0x0d, 0x0e, 0x0f
4433 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4435 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4436 unsigned char buf
[AES_BLOCK_SIZE
];
4439 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4442 if (!TEST_true(ENGINE_init(e
))) {
4447 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4448 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4451 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4454 /* Copy the ctx, and complete the operation with the new ctx */
4455 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4458 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4459 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4464 EVP_CIPHER_CTX_free(ctx
);
4465 EVP_CIPHER_CTX_free(ctx2
);
4471 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4472 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4474 static int ecxnids
[] = {
4481 /* Test that creating ECX keys with a short private key fails as expected */
4482 static int test_ecx_short_keys(int tst
)
4484 unsigned char ecxkeydata
= 1;
4488 pkey
= EVP_PKEY_new_raw_private_key(ecxnids
[tst
], NULL
, &ecxkeydata
, 1);
4489 if (!TEST_ptr_null(pkey
)) {
4490 EVP_PKEY_free(pkey
);
4496 typedef enum OPTION_choice
{
4503 const OPTIONS
*test_get_options(void)
4505 static const OPTIONS options
[] = {
4506 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4507 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4513 int setup_tests(void)
4517 while ((o
= opt_next()) != OPT_EOF
) {
4520 /* Set up an alternate library context */
4521 testctx
= OSSL_LIB_CTX_new();
4522 if (!TEST_ptr(testctx
))
4524 /* Swap the libctx to test non-default context only */
4525 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4526 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4527 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4529 case OPT_TEST_CASES
:
4536 ADD_TEST(test_EVP_set_default_properties
);
4537 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
4538 ADD_TEST(test_EVP_DigestVerifyInit
);
4539 #ifndef OPENSSL_NO_SIPHASH
4540 ADD_TEST(test_siphash_digestsign
);
4542 ADD_TEST(test_EVP_Digest
);
4543 ADD_TEST(test_EVP_md_null
);
4544 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4545 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4546 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4547 ADD_TEST(test_privatekey_to_pkcs8
);
4548 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4549 #ifndef OPENSSL_NO_EC
4550 ADD_TEST(test_EVP_PKCS82PKEY
);
4552 #ifndef OPENSSL_NO_EC
4553 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4555 #if !defined(OPENSSL_NO_SM2)
4556 ADD_TEST(test_EVP_SM2
);
4557 ADD_TEST(test_EVP_SM2_verify
);
4559 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4560 #ifndef OPENSSL_NO_DEPRECATED_3_0
4561 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4562 if (!TEST_ptr(custom_pmeth
))
4564 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4565 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4566 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4567 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4570 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4571 #ifndef OPENSSL_NO_CMAC
4572 ADD_TEST(test_CMAC_keygen
);
4574 ADD_TEST(test_HKDF
);
4575 ADD_TEST(test_emptyikm_HKDF
);
4576 #ifndef OPENSSL_NO_EC
4577 ADD_TEST(test_X509_PUBKEY_inplace
);
4578 ADD_TEST(test_X509_PUBKEY_dup
);
4579 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4580 OSSL_NELEM(ec_der_pub_keys
));
4582 #ifndef OPENSSL_NO_DSA
4583 ADD_TEST(test_DSA_get_set_params
);
4584 ADD_TEST(test_DSA_priv_pub
);
4586 ADD_TEST(test_RSA_get_set_params
);
4587 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4588 ADD_TEST(test_decrypt_null_chunks
);
4590 #ifndef OPENSSL_NO_DH
4591 ADD_TEST(test_DH_priv_pub
);
4592 # ifndef OPENSSL_NO_DEPRECATED_3_0
4593 ADD_TEST(test_EVP_PKEY_set1_DH
);
4596 #ifndef OPENSSL_NO_EC
4597 ADD_TEST(test_EC_priv_pub
);
4598 # ifndef OPENSSL_NO_DEPRECATED_3_0
4599 ADD_TEST(test_EC_priv_only_legacy
);
4602 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4603 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4605 ADD_TEST(test_rand_agglomeration
);
4606 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4607 #ifndef OPENSSL_NO_DES
4608 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4610 #ifndef OPENSSL_NO_BF
4611 ADD_ALL_TESTS(test_evp_bf_default_keylen
, 4);
4613 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4614 ADD_TEST(test_EVP_rsa_pss_set_saltlen
);
4615 #ifndef OPENSSL_NO_EC
4616 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4619 ADD_TEST(test_names_do_all
);
4621 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4622 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4623 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4624 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4626 #ifndef OPENSSL_NO_DEPRECATED_3_0
4627 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4628 ADD_TEST(test_evp_md_cipher_meth
);
4629 ADD_TEST(test_custom_md_meth
);
4631 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4632 /* Tests only support the default libctx */
4633 if (testctx
== NULL
) {
4634 # ifndef OPENSSL_NO_EC
4635 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4637 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4639 ADD_TEST(test_cipher_with_engine
);
4644 ADD_ALL_TESTS(test_ecx_short_keys
, OSSL_NELEM(ecxnids
));
4649 void cleanup_tests(void)
4651 OSSL_PROVIDER_unload(nullprov
);
4652 OSSL_PROVIDER_unload(deflprov
);
4653 OSSL_PROVIDER_unload(lgcyprov
);
4654 OSSL_LIB_CTX_free(testctx
);