2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
42 OSSL_provider_init_fn ossl_legacy_provider_init
;
45 static OSSL_LIB_CTX
*testctx
= NULL
;
46 static char *testpropq
= NULL
;
48 static OSSL_PROVIDER
*nullprov
= NULL
;
49 static OSSL_PROVIDER
*deflprov
= NULL
;
50 static OSSL_PROVIDER
*lgcyprov
= NULL
;
53 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
54 * should never use this key anywhere but in an example.
56 static const unsigned char kExampleRSAKeyDER
[] = {
57 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
58 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
59 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
60 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
61 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
62 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
63 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
64 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
65 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
66 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
67 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
68 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
69 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
70 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
71 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
72 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
73 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
74 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
75 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
76 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
77 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
78 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
79 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
80 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
81 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
82 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
83 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
84 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
85 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
86 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
87 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
88 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
89 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
90 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
91 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
92 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
93 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
94 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
95 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
96 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
97 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
98 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
99 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
100 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
101 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
102 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
103 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
104 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
105 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
106 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
107 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
111 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
112 * should never use this key anywhere but in an example.
114 #ifndef OPENSSL_NO_DSA
115 static const unsigned char kExampleDSAKeyDER
[] = {
116 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
117 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
118 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
119 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
120 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
121 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
122 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
123 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
124 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
125 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
126 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
127 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
128 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
129 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
130 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
131 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
132 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
133 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
134 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
135 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
136 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
137 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
138 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
139 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
140 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
141 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
142 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
143 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
144 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
145 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
146 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
147 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
148 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
149 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
150 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
151 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
152 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
158 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
159 * components are not correct.
161 static const unsigned char kExampleBadRSAKeyDER
[] = {
162 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
163 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
164 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
165 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
166 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
167 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
168 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
169 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
170 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
171 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
172 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
173 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
174 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
175 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
176 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
177 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
178 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
179 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
180 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
181 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
182 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
183 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
184 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
185 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
186 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
187 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
188 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
189 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
190 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
191 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
192 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
193 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
194 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
195 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
196 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
197 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
198 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
199 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
200 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
201 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
202 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
203 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
204 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
205 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
206 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
207 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
208 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
209 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
210 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
211 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
212 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
213 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
214 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
215 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
216 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
217 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
218 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
219 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
220 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
221 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
222 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
223 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
224 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
225 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
226 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
227 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
228 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
229 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
230 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
231 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
232 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
233 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
234 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
235 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
236 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
237 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
238 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
239 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
240 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
241 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
242 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
243 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
244 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
245 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
246 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
247 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
248 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
249 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
250 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
254 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
257 static const unsigned char kExampleBad2RSAKeyDER
[] = {
258 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
259 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
260 0x01, 0x00, 0x02, 0x01, 0x00
263 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
265 static const unsigned char kSignature
[] = {
266 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
267 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
268 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
269 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
270 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
271 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
272 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
273 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
274 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
275 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
276 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
280 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
283 static const unsigned char kExampleRSAKeyPKCS8
[] = {
284 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
285 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
286 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
287 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
288 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
289 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
290 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
291 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
292 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
293 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
294 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
295 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
296 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
297 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
298 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
299 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
300 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
301 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
302 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
303 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
304 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
305 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
306 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
307 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
308 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
309 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
310 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
311 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
312 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
313 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
314 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
315 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
316 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
317 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
318 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
319 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
320 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
321 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
322 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
323 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
324 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
325 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
326 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
327 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
328 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
329 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
330 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
331 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
332 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
333 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
334 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
335 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
336 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
339 #ifndef OPENSSL_NO_EC
341 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 static const unsigned char kExampleECKeyDER
[] = {
345 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
346 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
347 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
348 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
349 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
350 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
351 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
352 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
353 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
354 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
359 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
360 * structure. The private key is equal to the order and will fail to import
362 static const unsigned char kExampleBadECKeyDER
[] = {
363 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
364 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
365 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
366 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
367 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
368 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
369 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
370 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
371 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
375 static const unsigned char kExampleECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
387 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
388 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
390 static const unsigned char kExampleBadECPubKeyDER
[] = {
391 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
392 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
393 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
394 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
395 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
396 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
397 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
398 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
401 static const unsigned char pExampleECParamDER
[] = {
402 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
405 # ifndef OPENSSL_NO_ECX
406 static const unsigned char kExampleED25519KeyDER
[] = {
407 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
408 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
409 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
410 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
413 static const unsigned char kExampleED25519PubKeyDER
[] = {
414 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
415 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
416 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
417 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
420 # ifndef OPENSSL_NO_DEPRECATED_3_0
421 static const unsigned char kExampleX25519KeyDER
[] = {
422 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
423 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
424 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
425 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
431 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
432 #ifndef OPENSSL_NO_DEPRECATED_3_0
433 # ifndef OPENSSL_NO_DH
434 static const unsigned char kExampleDHKeyDER
[] = {
435 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
436 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
437 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
438 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
439 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
440 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
441 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
442 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
443 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
444 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
445 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
446 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
447 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
448 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
449 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
450 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
451 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
452 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
453 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
454 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
455 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
456 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
457 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
458 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
459 0x2e, 0x87, 0x2a, 0x0b, 0x7a
464 static const unsigned char kCFBDefaultKey
[] = {
465 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
466 0x09, 0xCF, 0x4F, 0x3C
469 static const unsigned char kGCMDefaultKey
[32] = { 0 };
471 static const unsigned char kGCMResetKey
[] = {
472 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
473 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
474 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
477 static const unsigned char iCFBIV
[] = {
478 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
479 0x0C, 0x0D, 0x0E, 0x0F
482 static const unsigned char iGCMDefaultIV
[12] = { 0 };
484 static const unsigned char iGCMResetIV1
[] = {
485 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
488 static const unsigned char iGCMResetIV2
[] = {
489 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
492 static const unsigned char cfbPlaintext
[] = {
493 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
494 0x73, 0x93, 0x17, 0x2A
496 static const unsigned char cfbPlaintext_partial
[] = {
497 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
498 0x73, 0x93, 0x17, 0x2A, 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96,
501 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
503 static const unsigned char gcmResetPlaintext
[] = {
504 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
505 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
506 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
507 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
508 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
511 static const unsigned char cfbCiphertext
[] = {
512 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
513 0xE8, 0x3C, 0xFB, 0x4A
516 static const unsigned char cfbCiphertext_partial
[] = {
517 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
518 0xE8, 0x3C, 0xFB, 0x4A, 0x0D, 0x4A, 0x71, 0x82, 0x90, 0xF0, 0x9A, 0x35
521 static const unsigned char ofbCiphertext_partial
[] = {
522 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
523 0xE8, 0x3C, 0xFB, 0x4A, 0xB2, 0x65, 0x64, 0x38, 0x26, 0xD2, 0xBC, 0x09
526 static const unsigned char gcmDefaultCiphertext
[] = {
527 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
528 0xba, 0xf3, 0x9d, 0x18
531 static const unsigned char gcmResetCiphertext1
[] = {
532 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
533 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
534 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
535 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
536 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
539 static const unsigned char gcmResetCiphertext2
[] = {
540 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
541 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
542 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
543 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
544 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
547 static const unsigned char gcmAAD
[] = {
548 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
549 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
552 static const unsigned char gcmDefaultTag
[] = {
553 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
554 0xd4, 0x8a, 0xb9, 0x19
557 static const unsigned char gcmResetTag1
[] = {
558 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
559 0xfe, 0x2e, 0xa8, 0xf2
562 static const unsigned char gcmResetTag2
[] = {
563 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
564 0xbb, 0x2d, 0x55, 0x1b
567 typedef struct APK_DATA_st
{
568 const unsigned char *kder
;
575 int type
; /* 0 for private, 1 for public, 2 for params */
578 static APK_DATA keydata
[] = {
579 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
580 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
581 #ifndef OPENSSL_NO_EC
582 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
586 static APK_DATA keycheckdata
[] = {
587 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
589 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
591 {kExampleBad2RSAKeyDER
, sizeof(kExampleBad2RSAKeyDER
), "RSA", EVP_PKEY_RSA
,
592 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
593 #ifndef OPENSSL_NO_EC
594 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
595 /* group is also associated in our pub key */
596 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
598 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
600 # ifndef OPENSSL_NO_ECX
601 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
602 EVP_PKEY_ED25519
, 1, 1, 1, 0},
603 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
604 EVP_PKEY_ED25519
, 0, 1, 1, 1},
609 static EVP_PKEY
*load_example_key(const char *keytype
,
610 const unsigned char *data
, size_t data_len
)
612 const unsigned char **pdata
= &data
;
613 EVP_PKEY
*pkey
= NULL
;
614 OSSL_DECODER_CTX
*dctx
=
615 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
618 /* |pkey| will be NULL on error */
619 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
620 OSSL_DECODER_CTX_free(dctx
);
624 static EVP_PKEY
*load_example_rsa_key(void)
626 return load_example_key("RSA", kExampleRSAKeyDER
,
627 sizeof(kExampleRSAKeyDER
));
630 #ifndef OPENSSL_NO_DSA
631 static EVP_PKEY
*load_example_dsa_key(void)
633 return load_example_key("DSA", kExampleDSAKeyDER
,
634 sizeof(kExampleDSAKeyDER
));
638 #ifndef OPENSSL_NO_EC
639 static EVP_PKEY
*load_example_ec_key(void)
641 return load_example_key("EC", kExampleECKeyDER
,
642 sizeof(kExampleECKeyDER
));
646 #ifndef OPENSSL_NO_DEPRECATED_3_0
647 # ifndef OPENSSL_NO_DH
648 static EVP_PKEY
*load_example_dh_key(void)
650 return load_example_key("DH", kExampleDHKeyDER
,
651 sizeof(kExampleDHKeyDER
));
655 # ifndef OPENSSL_NO_ECX
656 static EVP_PKEY
*load_example_ed25519_key(void)
658 return load_example_key("ED25519", kExampleED25519KeyDER
,
659 sizeof(kExampleED25519KeyDER
));
662 static EVP_PKEY
*load_example_x25519_key(void)
664 return load_example_key("X25519", kExampleX25519KeyDER
,
665 sizeof(kExampleX25519KeyDER
));
668 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
670 static EVP_PKEY
*load_example_hmac_key(void)
672 EVP_PKEY
*pkey
= NULL
;
673 unsigned char key
[] = {
674 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
675 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
676 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
679 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
680 NULL
, key
, sizeof(key
));
687 static int test_EVP_set_default_properties(void)
693 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
694 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
699 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
700 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
701 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
706 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
707 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
712 OSSL_LIB_CTX_free(ctx
);
716 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
717 static EVP_PKEY
*make_key_fromdata(char *keytype
, OSSL_PARAM
*params
)
719 EVP_PKEY_CTX
*pctx
= NULL
;
720 EVP_PKEY
*tmp_pkey
= NULL
, *pkey
= NULL
;
722 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
724 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
725 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &tmp_pkey
, EVP_PKEY_KEYPAIR
,
729 if (!TEST_ptr(tmp_pkey
))
735 EVP_PKEY_free(tmp_pkey
);
736 EVP_PKEY_CTX_free(pctx
);
740 static int test_selection(EVP_PKEY
*pkey
, int selection
)
744 BIO
*bio
= BIO_new(BIO_s_mem());
746 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
747 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
751 if (!TEST_false(ret
))
754 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
756 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
760 if (!TEST_false(ret
))
770 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
773 * Test combinations of private, public, missing and private + public key
774 * params to ensure they are all accepted
776 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
777 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
779 OSSL_PARAM_BLD
*bld
= NULL
;
780 OSSL_PARAM
*params
= NULL
;
781 EVP_PKEY
*just_params
= NULL
;
782 EVP_PKEY
*params_and_priv
= NULL
;
783 EVP_PKEY
*params_and_pub
= NULL
;
784 EVP_PKEY
*params_and_keypair
= NULL
;
785 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
789 * Setup the parameters for our pkey object. For our purposes they don't
790 * have to actually be *valid* parameters. We just need to set something.
792 if (!TEST_ptr(p
= BN_new())
793 || !TEST_ptr(q
= BN_new())
794 || !TEST_ptr(g
= BN_new())
795 || !TEST_ptr(pub
= BN_new())
796 || !TEST_ptr(priv
= BN_new()))
799 /* Test !priv and !pub */
800 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
801 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
802 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
805 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
806 || !TEST_ptr(just_params
= make_key_fromdata(keytype
, params
)))
809 OSSL_PARAM_free(params
);
810 OSSL_PARAM_BLD_free(bld
);
814 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
815 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
818 /* Test priv and !pub */
819 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
820 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
821 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
822 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
826 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
827 || !TEST_ptr(params_and_priv
= make_key_fromdata(keytype
, params
)))
830 OSSL_PARAM_free(params
);
831 OSSL_PARAM_BLD_free(bld
);
835 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
)
836 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
839 /* Test !priv and pub */
840 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
841 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
842 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
843 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
847 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
848 || !TEST_ptr(params_and_pub
= make_key_fromdata(keytype
, params
)))
851 OSSL_PARAM_free(params
);
852 OSSL_PARAM_BLD_free(bld
);
856 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
857 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
860 /* Test priv and pub */
861 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
862 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
863 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
864 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
865 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
867 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
870 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
871 || !TEST_ptr(params_and_keypair
= make_key_fromdata(keytype
, params
)))
874 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
879 OSSL_PARAM_free(params
);
880 OSSL_PARAM_BLD_free(bld
);
881 EVP_PKEY_free(just_params
);
882 EVP_PKEY_free(params_and_priv
);
883 EVP_PKEY_free(params_and_pub
);
884 EVP_PKEY_free(params_and_keypair
);
893 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
896 * Test combinations of private, public, missing and private + public key
897 * params to ensure they are all accepted for EC keys
899 #ifndef OPENSSL_NO_EC
900 static unsigned char ec_priv
[] = {
901 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
902 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
903 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
905 static unsigned char ec_pub
[] = {
906 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
907 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
908 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
909 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
910 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
911 0x08, 0x09, 0xb8, 0xdb, 0x03
914 static int test_EC_priv_pub(void)
916 OSSL_PARAM_BLD
*bld
= NULL
;
917 OSSL_PARAM
*params
= NULL
;
918 EVP_PKEY
*just_params
= NULL
;
919 EVP_PKEY
*params_and_priv
= NULL
;
920 EVP_PKEY
*params_and_pub
= NULL
;
921 EVP_PKEY
*params_and_keypair
= NULL
;
924 unsigned char *encoded
= NULL
;
926 unsigned char buffer
[128];
929 * Setup the parameters for our pkey object. For our purposes they don't
930 * have to actually be *valid* parameters. We just need to set something.
932 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
935 /* Test !priv and !pub */
936 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
937 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
938 OSSL_PKEY_PARAM_GROUP_NAME
,
941 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
942 || !TEST_ptr(just_params
= make_key_fromdata("EC", params
)))
945 OSSL_PARAM_free(params
);
946 OSSL_PARAM_BLD_free(bld
);
950 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
951 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
954 /* Test priv and !pub */
955 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
956 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
957 OSSL_PKEY_PARAM_GROUP_NAME
,
959 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
962 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
963 || !TEST_ptr(params_and_priv
= make_key_fromdata("EC", params
)))
966 OSSL_PARAM_free(params
);
967 OSSL_PARAM_BLD_free(bld
);
972 * We indicate only parameters here, in spite of having built a key that
973 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
974 * expected to fail because it does not support exporting a private EC
975 * key without a corresponding public key
977 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
978 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
981 /* Test !priv and pub */
982 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
983 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
984 OSSL_PKEY_PARAM_GROUP_NAME
,
986 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
987 OSSL_PKEY_PARAM_PUB_KEY
,
988 ec_pub
, sizeof(ec_pub
))))
990 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
991 || !TEST_ptr(params_and_pub
= make_key_fromdata("EC", params
)))
994 OSSL_PARAM_free(params
);
995 OSSL_PARAM_BLD_free(bld
);
999 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
1000 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
1003 /* Test priv and pub */
1004 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1005 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
1006 OSSL_PKEY_PARAM_GROUP_NAME
,
1008 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
1009 OSSL_PKEY_PARAM_PUB_KEY
,
1010 ec_pub
, sizeof(ec_pub
)))
1011 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
1014 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
1015 || !TEST_ptr(params_and_keypair
= make_key_fromdata("EC", params
)))
1018 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
1021 /* Try key equality */
1022 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, just_params
), 0)
1023 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_pub
),
1025 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_priv
),
1027 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_keypair
),
1029 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub
, params_and_pub
), 0)
1030 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv
, params_and_priv
), 0)
1031 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_pub
), 0)
1032 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_priv
), 0))
1035 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1036 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub
, &encoded
), 0))
1038 OPENSSL_free(encoded
);
1040 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params
, &encoded
), 0)) {
1041 OPENSSL_free(encoded
);
1046 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1047 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub
,
1048 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY
,
1049 buffer
, sizeof(buffer
), &len
), 1)
1050 || !TEST_int_eq(len
, 65))
1054 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub
,
1055 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY
,
1057 || !TEST_int_eq(len
, 65))
1060 /* too-short buffer len*/
1061 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub
,
1062 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY
,
1063 buffer
, 10, &len
), 0))
1068 OSSL_PARAM_free(params
);
1069 OSSL_PARAM_BLD_free(bld
);
1070 EVP_PKEY_free(just_params
);
1071 EVP_PKEY_free(params_and_priv
);
1072 EVP_PKEY_free(params_and_pub
);
1073 EVP_PKEY_free(params_and_keypair
);
1079 /* Also test that we can read the EC PUB affine coordinates */
1080 static int test_evp_get_ec_pub(void)
1082 OSSL_PARAM_BLD
*bld
= NULL
;
1083 OSSL_PARAM
*params
= NULL
;
1084 unsigned char *pad
= NULL
;
1085 EVP_PKEY
*keypair
= NULL
;
1086 BIGNUM
*priv
= NULL
;
1091 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1094 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1095 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
1096 OSSL_PKEY_PARAM_GROUP_NAME
,
1098 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
1099 OSSL_PKEY_PARAM_PUB_KEY
,
1100 ec_pub
, sizeof(ec_pub
)))
1101 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
1105 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
1106 || !TEST_ptr(keypair
= make_key_fromdata("EC", params
)))
1109 if (!test_selection(keypair
, EVP_PKEY_KEYPAIR
))
1112 if (!EVP_PKEY_get_bn_param(keypair
, OSSL_PKEY_PARAM_EC_PUB_X
, &x
)
1113 || !EVP_PKEY_get_bn_param(keypair
, OSSL_PKEY_PARAM_EC_PUB_Y
, &y
))
1116 if (!TEST_ptr(pad
= OPENSSL_zalloc(sizeof(ec_pub
))))
1120 BN_bn2bin(x
, &pad
[1]);
1121 BN_bn2bin(y
, &pad
[33]);
1122 if (!TEST_true(memcmp(ec_pub
, pad
, sizeof(ec_pub
)) == 0))
1128 OSSL_PARAM_free(params
);
1129 OSSL_PARAM_BLD_free(bld
);
1130 EVP_PKEY_free(keypair
);
1138 /* Test that using a legacy EC key with only a private key in it works */
1139 # ifndef OPENSSL_NO_DEPRECATED_3_0
1140 static int test_EC_priv_only_legacy(void)
1142 BIGNUM
*priv
= NULL
;
1144 EC_KEY
*eckey
= NULL
;
1145 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
1146 EVP_MD_CTX
*ctx
= NULL
;
1148 /* Create the low level EC_KEY */
1149 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1152 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
1153 if (!TEST_ptr(eckey
))
1156 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
1159 pkey
= EVP_PKEY_new();
1160 if (!TEST_ptr(pkey
))
1163 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1167 while (dup_pk
== NULL
) {
1169 ctx
= EVP_MD_CTX_new();
1174 * The EVP_DigestSignInit function should create the key on the
1175 * provider side which is sufficient for this test.
1177 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
1178 testpropq
, pkey
, NULL
)))
1180 EVP_MD_CTX_free(ctx
);
1183 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
1185 /* EVP_PKEY_eq() returns -2 with missing public keys */
1186 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1187 EVP_PKEY_free(pkey
);
1194 EVP_MD_CTX_free(ctx
);
1195 EVP_PKEY_free(pkey
);
1202 static int test_evp_get_ec_pub_legacy(void)
1204 OSSL_LIB_CTX
*libctx
= NULL
;
1205 unsigned char *pad
= NULL
;
1206 EVP_PKEY
*pkey
= NULL
;
1207 EC_KEY
*eckey
= NULL
;
1208 BIGNUM
*priv
= NULL
;
1213 if (!TEST_ptr(libctx
= OSSL_LIB_CTX_new()))
1216 /* Create the legacy key */
1217 if (!TEST_ptr(eckey
= EC_KEY_new_by_curve_name_ex(libctx
, NULL
,
1218 NID_X9_62_prime256v1
)))
1221 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1224 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
1227 if (!TEST_ptr(x
= BN_bin2bn(&ec_pub
[1], 32, NULL
)))
1230 if (!TEST_ptr(y
= BN_bin2bn(&ec_pub
[33], 32, NULL
)))
1233 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey
, x
, y
)))
1236 if (!TEST_ptr(pkey
= EVP_PKEY_new()))
1239 /* Transfer the legacy key */
1240 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1244 if (!TEST_true(EVP_PKEY_get_bn_param(pkey
, OSSL_PKEY_PARAM_EC_PUB_X
, &x
))
1245 || !TEST_true(EVP_PKEY_get_bn_param(pkey
, OSSL_PKEY_PARAM_EC_PUB_Y
, &y
)))
1248 if (!TEST_ptr(pad
= OPENSSL_zalloc(sizeof(ec_pub
))))
1252 BN_bn2bin(x
, &pad
[1]);
1253 BN_bn2bin(y
, &pad
[33]);
1255 if (!TEST_true(memcmp(ec_pub
, pad
, sizeof(ec_pub
)) == 0))
1261 OSSL_LIB_CTX_free(libctx
);
1262 EVP_PKEY_free(pkey
);
1271 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1272 #endif /* OPENSSL_NO_EC */
1274 static int test_EVP_PKEY_sign(int tst
)
1277 EVP_PKEY
*pkey
= NULL
;
1278 unsigned char *sig
= NULL
;
1279 size_t sig_len
= 0, shortsig_len
= 1;
1280 EVP_PKEY_CTX
*ctx
= NULL
;
1281 unsigned char tbs
[] = {
1282 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1283 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1287 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1289 } else if (tst
== 1) {
1290 #ifndef OPENSSL_NO_DSA
1291 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1298 #ifndef OPENSSL_NO_EC
1299 if (!TEST_ptr(pkey
= load_example_ec_key()))
1307 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1309 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1310 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1313 sig
= OPENSSL_malloc(sig_len
);
1315 /* Test sending a signature buffer that is too short is rejected */
1316 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1318 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1320 /* Test the signature round-trips */
1321 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1322 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1328 EVP_PKEY_CTX_free(ctx
);
1330 EVP_PKEY_free(pkey
);
1334 #ifndef OPENSSL_NO_DEPRECATED_3_0
1335 static int test_EVP_PKEY_sign_with_app_method(int tst
)
1338 EVP_PKEY
*pkey
= NULL
;
1340 RSA_METHOD
*rsa_meth
= NULL
;
1341 #ifndef OPENSSL_NO_DSA
1343 DSA_METHOD
*dsa_meth
= NULL
;
1345 unsigned char *sig
= NULL
;
1346 size_t sig_len
= 0, shortsig_len
= 1;
1347 EVP_PKEY_CTX
*ctx
= NULL
;
1348 unsigned char tbs
[] = {
1349 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1350 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1354 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1356 if (!TEST_ptr(rsa_meth
= RSA_meth_dup(RSA_get_default_method())))
1359 if (!TEST_ptr(rsa
= EVP_PKEY_get1_RSA(pkey
))
1360 || !TEST_int_gt(RSA_set_method(rsa
, rsa_meth
), 0)
1361 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey
, rsa
), 0))
1363 rsa
= NULL
; /* now owned by the pkey */
1365 #ifndef OPENSSL_NO_DSA
1366 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1368 if (!TEST_ptr(dsa_meth
= DSA_meth_dup(DSA_get_default_method())))
1371 if (!TEST_ptr(dsa
= EVP_PKEY_get1_DSA(pkey
))
1372 || !TEST_int_gt(DSA_set_method(dsa
, dsa_meth
), 0)
1373 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey
, dsa
), 0))
1375 dsa
= NULL
; /* now owned by the pkey */
1382 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1384 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1385 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1388 sig
= OPENSSL_malloc(sig_len
);
1390 /* Test sending a signature buffer that is too short is rejected */
1391 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1393 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1395 /* Test the signature round-trips */
1396 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1397 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1403 EVP_PKEY_CTX_free(ctx
);
1405 EVP_PKEY_free(pkey
);
1407 RSA_meth_free(rsa_meth
);
1408 #ifndef OPENSSL_NO_DSA
1410 DSA_meth_free(dsa_meth
);
1414 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1417 * n = 0 => test using legacy cipher
1418 * n = 1 => test using fetched cipher
1420 static int test_EVP_Enveloped(int n
)
1423 EVP_CIPHER_CTX
*ctx
= NULL
;
1424 EVP_PKEY
*keypair
= NULL
;
1425 unsigned char *kek
= NULL
;
1426 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1427 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1428 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1429 unsigned char ciphertext
[32], plaintext
[16];
1430 EVP_CIPHER
*type
= NULL
;
1432 if (nullprov
!= NULL
)
1433 return TEST_skip("Test does not support a non-default library context");
1436 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1437 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1441 if (!TEST_ptr(keypair
= load_example_rsa_key())
1442 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1443 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1444 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1446 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1448 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1452 ciphertext_len
+= len
;
1454 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1455 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1456 ciphertext
, ciphertext_len
))
1457 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1460 plaintext_len
+= len
;
1461 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1467 EVP_CIPHER_free(type
);
1469 EVP_PKEY_free(keypair
);
1470 EVP_CIPHER_CTX_free(ctx
);
1475 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1476 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1477 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1478 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1479 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1480 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1481 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1482 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1483 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1484 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1485 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1486 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1487 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1488 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1489 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1490 * Test 15-29: Same as above with reinitialization
1492 static int test_EVP_DigestSignInit(int tst
)
1495 EVP_PKEY
*pkey
= NULL
;
1496 unsigned char *sig
= NULL
, *sig2
= NULL
;
1497 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1498 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1499 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1500 BIO
*mdbio
= NULL
, *membio
= NULL
;
1503 EVP_MD
*mdexp
= NULL
;
1506 if (nullprov
!= NULL
)
1507 return TEST_skip("Test does not support a non-default library context");
1514 if (tst
>= 6 && tst
<= 8) {
1515 membio
= BIO_new(BIO_s_mem());
1516 mdbio
= BIO_new(BIO_f_md());
1517 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1519 BIO_push(mdbio
, membio
);
1520 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1523 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1524 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1529 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1531 } else if (tst
% 3 == 1) {
1532 #ifndef OPENSSL_NO_DSA
1533 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1540 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1544 if (tst
>= 3 && tst
<= 5)
1545 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1549 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1552 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1555 if (tst
>= 6 && tst
<= 8) {
1556 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1558 } else if (tst
< 6) {
1559 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1564 /* Determine the size of the signature. */
1565 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1567 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1570 /* Test that supply a short sig buffer fails */
1571 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1575 * We end here because once EVP_DigestSign() has failed you should
1576 * not call it again without re-initing the ctx
1581 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1585 /* Determine the size of the signature. */
1586 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1587 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1589 * Trying to create a signature with a deliberately short
1590 * buffer should fail.
1592 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1593 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1598 * Ensure that the signature round-trips (Verification isn't supported for
1599 * HMAC via EVP_DigestVerify*)
1602 if (tst
>= 6 && tst
<= 8) {
1603 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1604 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1608 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1612 if (tst
>= 6 && tst
<= 8) {
1613 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1616 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1620 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1623 /* Multiple calls to EVP_DigestVerifyFinal should work */
1624 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1628 * For HMAC a doubled call to DigestSignFinal should produce the same
1629 * value as finalization should not happen.
1631 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1632 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1633 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1636 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1645 EVP_MD_CTX_free(a_md_ctx
);
1646 EVP_MD_CTX_free(a_md_ctx_verify
);
1647 EVP_PKEY_free(pkey
);
1655 static int test_EVP_DigestVerifyInit(void)
1658 EVP_PKEY
*pkey
= NULL
;
1659 EVP_MD_CTX
*md_ctx
= NULL
;
1661 if (nullprov
!= NULL
)
1662 return TEST_skip("Test does not support a non-default library context");
1664 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1665 || !TEST_ptr(pkey
= load_example_rsa_key()))
1668 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1669 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1670 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1671 sizeof(kSignature
)), 0))
1674 /* test with reinitialization */
1675 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1676 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1677 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1678 sizeof(kSignature
)), 0))
1683 EVP_MD_CTX_free(md_ctx
);
1684 EVP_PKEY_free(pkey
);
1688 #ifndef OPENSSL_NO_SIPHASH
1689 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1690 static int test_siphash_digestsign(void)
1692 unsigned char key
[16];
1693 unsigned char buf
[8], digest
[8];
1694 unsigned char expected
[8] = {
1695 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1697 EVP_PKEY
*pkey
= NULL
;
1698 EVP_MD_CTX
*mdctx
= NULL
;
1699 EVP_PKEY_CTX
*ctx
= NULL
;
1703 if (nullprov
!= NULL
)
1704 return TEST_skip("Test does not support a non-default library context");
1708 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1712 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1715 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1717 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1718 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1722 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1724 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1726 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1728 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1733 EVP_PKEY_free(pkey
);
1734 EVP_MD_CTX_free(mdctx
);
1740 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1742 static int test_EVP_Digest(void)
1745 EVP_MD_CTX
*md_ctx
= NULL
;
1746 unsigned char md
[EVP_MAX_MD_SIZE
];
1747 EVP_MD
*sha256
= NULL
;
1748 EVP_MD
*shake256
= NULL
;
1750 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1753 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1754 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1757 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1758 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1759 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1760 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1761 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1764 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1765 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1766 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1767 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1768 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1770 * EVP_DigestInit_ex with NULL type should work on
1771 * pre-initialized context.
1773 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1776 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1777 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1778 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1779 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1780 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1781 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1786 EVP_MD_CTX_free(md_ctx
);
1787 EVP_MD_free(sha256
);
1788 EVP_MD_free(shake256
);
1792 static int test_EVP_md_null(void)
1795 EVP_MD_CTX
*md_ctx
= NULL
;
1796 const EVP_MD
*md_null
= EVP_md_null();
1797 unsigned char md_value
[EVP_MAX_MD_SIZE
];
1798 unsigned int md_len
= sizeof(md_value
);
1800 if (nullprov
!= NULL
)
1801 return TEST_skip("Test does not support a non-default library context");
1803 if (!TEST_ptr(md_null
)
1804 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1807 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, md_null
, NULL
))
1808 || !TEST_true(EVP_DigestUpdate(md_ctx
, "test", 4))
1809 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md_value
, &md_len
)))
1812 if (!TEST_uint_eq(md_len
, 0))
1817 EVP_MD_CTX_free(md_ctx
);
1821 static int test_d2i_AutoPrivateKey(int i
)
1824 const unsigned char *p
;
1825 EVP_PKEY
*pkey
= NULL
;
1826 const APK_DATA
*ak
= &keydata
[i
];
1827 const unsigned char *input
= ak
->kder
;
1828 size_t input_len
= ak
->size
;
1829 int expected_id
= ak
->evptype
;
1832 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1833 || !TEST_ptr_eq(p
, input
+ input_len
)
1834 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1840 EVP_PKEY_free(pkey
);
1844 #ifndef OPENSSL_NO_EC
1846 static const unsigned char ec_public_sect163k1_validxy
[] = {
1847 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1848 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1849 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1850 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1851 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1852 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1855 static const unsigned char ec_public_sect163k1_badx
[] = {
1856 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1857 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1858 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1859 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1860 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1861 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1864 static const unsigned char ec_public_sect163k1_bady
[] = {
1865 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1866 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1867 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1868 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1869 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1870 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1873 static struct ec_der_pub_keys_st
{
1874 const unsigned char *der
;
1877 } ec_der_pub_keys
[] = {
1878 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1879 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1880 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1884 * Tests the range of the decoded EC char2 public point.
1885 * See ec_GF2m_simple_oct2point().
1887 static int test_invalide_ec_char2_pub_range_decode(int id
)
1892 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1893 ec_der_pub_keys
[id
].len
);
1895 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1896 || TEST_ptr_null(pkey
);
1897 EVP_PKEY_free(pkey
);
1901 /* Tests loading a bad key in PKCS8 format */
1902 static int test_EVP_PKCS82PKEY(void)
1905 const unsigned char *derp
= kExampleBadECKeyDER
;
1906 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1907 EVP_PKEY
*pkey
= NULL
;
1909 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1910 sizeof(kExampleBadECKeyDER
))))
1913 if (!TEST_ptr_eq(derp
,
1914 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1917 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1923 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1924 EVP_PKEY_free(pkey
);
1930 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1932 EVP_PKEY
*pkey
= NULL
;
1933 EVP_PKEY
*pkey2
= NULL
;
1935 char *membuf
= NULL
;
1936 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1939 if (testctx
!= NULL
)
1940 /* test not supported with non-default context */
1943 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1944 || !TEST_ptr(pkey
= load_example_rsa_key())
1945 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1946 NULL
, 0, NULL
, NULL
),
1948 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1949 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1950 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1951 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1957 EVP_PKEY_free(pkey
);
1958 EVP_PKEY_free(pkey2
);
1959 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1960 BIO_free_all(membio
);
1964 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1965 static int test_privatekey_to_pkcs8(void)
1967 EVP_PKEY
*pkey
= NULL
;
1969 char *membuf
= NULL
;
1970 long membuf_len
= 0;
1973 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1974 || !TEST_ptr(pkey
= load_example_rsa_key())
1975 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1976 NULL
, 0, NULL
, NULL
),
1978 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1979 || !TEST_ptr(membuf
)
1980 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1981 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1983 * We try to write PEM as well, just to see that it doesn't err, but
1984 * assume that the result is correct.
1986 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1987 NULL
, 0, NULL
, NULL
),
1993 EVP_PKEY_free(pkey
);
1994 BIO_free_all(membio
);
1998 #ifndef OPENSSL_NO_EC
1999 static const struct {
2001 const char *encoding_name
;
2002 } ec_encodings
[] = {
2003 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
2004 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
2007 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
2009 const OSSL_PARAM
*p
;
2010 const char *enc_name
= NULL
;
2016 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
2017 OSSL_PKEY_PARAM_EC_ENCODING
))
2018 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
2021 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
2022 if (OPENSSL_strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
2023 *enc
= ec_encodings
[i
].encoding
;
2028 return (*enc
!= -1);
2031 static int test_EC_keygen_with_enc(int idx
)
2033 EVP_PKEY
*params
= NULL
, *key
= NULL
;
2034 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
2038 enc
= ec_encodings
[idx
].encoding
;
2040 /* Create key parameters */
2041 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
2042 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
2043 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"), 0)
2044 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
), 0)
2045 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
2046 || !TEST_ptr(params
))
2050 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
2051 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2052 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
2056 /* Check that the encoding got all the way into the key */
2057 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
2058 ec_export_get_encoding_cb
, &enc
))
2059 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
2065 EVP_PKEY_free(params
);
2066 EVP_PKEY_CTX_free(kctx
);
2067 EVP_PKEY_CTX_free(pctx
);
2072 #if !defined(OPENSSL_NO_SM2)
2074 static int test_EVP_SM2_verify(void)
2076 const char *pubkey
=
2077 "-----BEGIN PUBLIC KEY-----\n"
2078 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2079 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2080 "-----END PUBLIC KEY-----\n";
2082 const char *msg
= "message digest";
2083 const char *id
= "ALICE123@YAHOO.COM";
2085 const uint8_t signature
[] = {
2086 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2087 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2088 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2089 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2090 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2091 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2092 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2097 EVP_PKEY
*pkey
= NULL
;
2098 EVP_MD_CTX
*mctx
= NULL
;
2099 EVP_PKEY_CTX
*pctx
= NULL
;
2102 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
2103 if (!TEST_true(bio
!= NULL
))
2106 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
2107 if (!TEST_true(pkey
!= NULL
))
2110 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
2113 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
2116 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2119 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
2121 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
2124 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
2127 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
2130 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
2133 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
)), 0))
2139 EVP_PKEY_free(pkey
);
2140 EVP_PKEY_CTX_free(pctx
);
2141 EVP_MD_CTX_free(mctx
);
2146 static int test_EVP_SM2(void)
2149 EVP_PKEY
*pkey
= NULL
;
2150 EVP_PKEY
*pkeyparams
= NULL
;
2151 EVP_PKEY_CTX
*pctx
= NULL
;
2152 EVP_PKEY_CTX
*kctx
= NULL
;
2153 EVP_PKEY_CTX
*sctx
= NULL
;
2155 unsigned char *sig
= NULL
;
2156 EVP_MD_CTX
*md_ctx
= NULL
;
2157 EVP_MD_CTX
*md_ctx_verify
= NULL
;
2158 EVP_PKEY_CTX
*cctx
= NULL
;
2159 EVP_MD
*check_md
= NULL
;
2161 uint8_t ciphertext
[128];
2162 size_t ctext_len
= sizeof(ciphertext
);
2164 uint8_t plaintext
[8];
2165 size_t ptext_len
= sizeof(plaintext
);
2167 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2169 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
2170 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
2172 char mdname
[OSSL_MAX_NAME_SIZE
];
2174 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
2178 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
2181 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
), 0))
2184 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
2187 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
2188 pkeyparams
, testpropq
)))
2191 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0))
2194 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
2197 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
2200 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
2203 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2206 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
2207 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
2209 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
2212 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
2215 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
2218 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
2221 /* Determine the size of the signature. */
2222 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
2225 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
2228 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
2231 /* Ensure that the signature round-trips. */
2233 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
2237 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
2240 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
2243 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
2247 * Try verify again with non-matching 0 length id but ensure that it can
2248 * be set on the context and overrides the previous value.
2251 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
2255 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, NULL
, 0), 0))
2258 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
2261 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
2264 /* now check encryption/decryption */
2266 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
2267 mdname
, sizeof(mdname
));
2268 for (i
= 0; i
< 2; i
++) {
2269 const char *mdnames
[] = {
2270 #ifndef OPENSSL_NO_SM3
2276 EVP_PKEY_CTX_free(cctx
);
2278 if (mdnames
[i
] == NULL
)
2282 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
2283 (char *)mdnames
[i
], 0);
2285 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
2289 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
2292 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2295 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
2299 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx
), 0))
2302 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2305 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
2309 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
2313 * Test we're still using the digest we think we are.
2314 * Because of aliases, the easiest is to fetch the digest and
2315 * check the name with EVP_MD_is_a().
2317 EVP_MD_free(check_md
);
2318 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
2320 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
2321 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
2325 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
2328 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
2334 EVP_PKEY_CTX_free(pctx
);
2335 EVP_PKEY_CTX_free(kctx
);
2336 EVP_PKEY_CTX_free(sctx
);
2337 EVP_PKEY_CTX_free(cctx
);
2338 EVP_PKEY_free(pkey
);
2339 EVP_PKEY_free(pkeyparams
);
2340 EVP_MD_CTX_free(md_ctx
);
2341 EVP_MD_CTX_free(md_ctx_verify
);
2342 EVP_MD_free(check_md
);
2349 static struct keys_st
{
2355 EVP_PKEY_HMAC
, "0123456789", NULL
2358 EVP_PKEY_HMAC
, "", NULL
2359 #ifndef OPENSSL_NO_POLY1305
2361 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
2363 #ifndef OPENSSL_NO_SIPHASH
2365 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
2368 #ifndef OPENSSL_NO_ECX
2370 EVP_PKEY_X25519
, "01234567890123456789012345678901",
2371 "abcdefghijklmnopqrstuvwxyzabcdef"
2373 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
2374 "abcdefghijklmnopqrstuvwxyzabcdef"
2377 "01234567890123456789012345678901234567890123456789012345",
2378 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2381 "012345678901234567890123456789012345678901234567890123456",
2382 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2387 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
2390 unsigned char buf
[80];
2392 size_t inlen
, len
= 0, shortlen
= 1;
2395 /* Check if this algorithm supports public keys */
2396 if (pub
&& keys
[tst
].pub
== NULL
)
2399 memset(buf
, 0, sizeof(buf
));
2402 #ifndef OPENSSL_NO_EC
2403 inlen
= strlen(keys
[tst
].pub
);
2404 in
= (unsigned char *)keys
[tst
].pub
;
2406 pkey
= EVP_PKEY_new_raw_public_key_ex(
2408 OBJ_nid2sn(keys
[tst
].type
),
2413 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2422 inlen
= strlen(keys
[tst
].priv
);
2423 in
= (unsigned char *)keys
[tst
].priv
;
2425 pkey
= EVP_PKEY_new_raw_private_key_ex(
2426 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2431 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2439 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2440 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2441 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2442 || !TEST_true(len
== inlen
))
2446 * Test that supplying a buffer that is too small fails. Doesn't apply
2447 * to HMAC with a zero length key
2449 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2451 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2455 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2456 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2457 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2462 EVP_PKEY_free(pkey
);
2466 static int test_set_get_raw_keys(int tst
)
2468 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2469 && test_set_get_raw_keys_int(tst
, 0, 1)
2470 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2471 && test_set_get_raw_keys_int(tst
, 1, 1);
2474 #ifndef OPENSSL_NO_DEPRECATED_3_0
2475 static int pkey_custom_check(EVP_PKEY
*pkey
)
2480 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2485 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2490 static EVP_PKEY_METHOD
*custom_pmeth
;
2493 static int test_EVP_PKEY_check(int i
)
2496 EVP_PKEY
*pkey
= NULL
;
2497 EVP_PKEY_CTX
*ctx
= NULL
;
2498 #ifndef OPENSSL_NO_DEPRECATED_3_0
2499 EVP_PKEY_CTX
*ctx2
= NULL
;
2501 const APK_DATA
*ak
= &keycheckdata
[i
];
2502 const unsigned char *input
= ak
->kder
;
2503 size_t input_len
= ak
->size
;
2504 int expected_id
= ak
->evptype
;
2505 int expected_check
= ak
->check
;
2506 int expected_pub_check
= ak
->pub_check
;
2507 int expected_param_check
= ak
->param_check
;
2508 int type
= ak
->type
;
2510 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2513 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2516 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2519 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2522 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2525 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2528 #ifndef OPENSSL_NO_DEPRECATED_3_0
2529 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2530 /* assign the pkey directly, as an internal test */
2531 EVP_PKEY_up_ref(pkey
);
2534 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2537 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2540 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2547 EVP_PKEY_CTX_free(ctx
);
2548 #ifndef OPENSSL_NO_DEPRECATED_3_0
2549 EVP_PKEY_CTX_free(ctx2
);
2551 EVP_PKEY_free(pkey
);
2555 #ifndef OPENSSL_NO_CMAC
2556 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2558 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2559 const char msg
[] = "Hello World";
2560 size_t maclen
= AES_BLOCK_SIZE
;
2563 if (!TEST_ptr(mdctx
)
2564 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2565 testpropq
, pkey
, NULL
))
2566 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2567 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2568 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2571 EVP_MD_CTX_free(mdctx
);
2575 static int test_CMAC_keygen(void)
2577 static unsigned char key
[] = {
2578 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2579 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2580 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2582 EVP_PKEY_CTX
*kctx
= NULL
;
2584 EVP_PKEY
*pkey
= NULL
;
2585 unsigned char mac
[AES_BLOCK_SIZE
];
2586 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2587 unsigned char mac2
[AES_BLOCK_SIZE
];
2590 if (nullprov
!= NULL
)
2591 return TEST_skip("Test does not support a non-default library context");
2594 * This is a legacy method for CMACs, but should still work.
2595 * This verifies that it works without an ENGINE.
2597 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2599 /* Test a CMAC key created using the "generated" method */
2600 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2601 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2602 EVP_PKEY_CTRL_CIPHER
,
2603 0, (void *)EVP_aes_256_cbc()), 0)
2604 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2605 EVP_PKEY_CTRL_SET_MAC_KEY
,
2606 sizeof(key
), (void *)key
), 0)
2607 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2609 || !TEST_true(get_cmac_val(pkey
, mac
)))
2612 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2613 EVP_PKEY_free(pkey
);
2616 * Test a CMAC key using the direct method, and compare with the mac
2619 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_cbc());
2621 || !TEST_true(get_cmac_val(pkey
, mac2
))
2622 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2629 EVP_PKEY_free(pkey
);
2630 EVP_PKEY_CTX_free(kctx
);
2635 static int test_HKDF(void)
2638 unsigned char out
[20];
2641 unsigned char salt
[] = "0123456789";
2642 unsigned char key
[] = "012345678901234567890123456789";
2643 unsigned char info
[] = "infostring";
2644 const unsigned char expected
[] = {
2645 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2646 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2648 size_t expectedlen
= sizeof(expected
);
2650 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2653 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2654 for (i
= 0; i
< 2; i
++) {
2655 outlen
= sizeof(out
);
2656 memset(out
, 0, outlen
);
2658 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2659 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2660 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2661 sizeof(salt
) - 1), 0)
2662 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2663 sizeof(key
) - 1), 0)
2664 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2665 sizeof(info
) - 1), 0)
2666 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2667 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2674 EVP_PKEY_CTX_free(pctx
);
2679 static int test_emptyikm_HKDF(void)
2682 unsigned char out
[20];
2685 unsigned char salt
[] = "9876543210";
2686 unsigned char key
[] = "";
2687 unsigned char info
[] = "stringinfo";
2688 const unsigned char expected
[] = {
2689 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2690 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2692 size_t expectedlen
= sizeof(expected
);
2694 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2697 outlen
= sizeof(out
);
2698 memset(out
, 0, outlen
);
2700 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2701 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2702 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2703 sizeof(salt
) - 1), 0)
2704 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2705 sizeof(key
) - 1), 0)
2706 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2707 sizeof(info
) - 1), 0)
2708 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2709 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2715 EVP_PKEY_CTX_free(pctx
);
2720 #ifndef OPENSSL_NO_EC
2721 static int test_X509_PUBKEY_inplace(void)
2724 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2725 const unsigned char *p
= kExampleECPubKeyDER
;
2726 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2730 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2733 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2736 p
= kExampleBadECPubKeyDER
;
2737 input_len
= sizeof(kExampleBadECPubKeyDER
);
2739 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2742 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2748 X509_PUBKEY_free(xp
);
2752 static int test_X509_PUBKEY_dup(void)
2755 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2756 const unsigned char *p
= kExampleECPubKeyDER
;
2757 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2759 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2761 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2762 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2763 || !TEST_ptr_ne(xp
, xq
))
2766 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2767 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2768 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2771 X509_PUBKEY_free(xq
);
2773 p
= kExampleBadECPubKeyDER
;
2774 input_len
= sizeof(kExampleBadECPubKeyDER
);
2776 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2777 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2780 X509_PUBKEY_free(xp
);
2782 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2788 X509_PUBKEY_free(xp
);
2789 X509_PUBKEY_free(xq
);
2792 #endif /* OPENSSL_NO_EC */
2794 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2795 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2797 EVP_MD_CTX
*mdctx
= NULL
;
2798 EVP_PKEY_CTX
*ctx
= NULL
;
2799 const OSSL_PARAM
*params
;
2800 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2803 char mdname
[OSSL_MAX_NAME_SIZE
];
2806 /* Initialise a sign operation */
2807 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2809 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2813 * We should be able to query the parameters now.
2815 params
= EVP_PKEY_CTX_settable_params(ctx
);
2816 if (!TEST_ptr(params
)
2817 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2818 OSSL_SIGNATURE_PARAM_DIGEST
)))
2821 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2822 if (!TEST_ptr(params
)
2823 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2824 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2825 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2826 OSSL_SIGNATURE_PARAM_DIGEST
)))
2830 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2831 * EVP_PKEY_CTX_get_params()
2833 strcpy(mdname
, "SHA512");
2835 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2837 *param
++ = OSSL_PARAM_construct_end();
2839 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2843 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2844 mdname
, sizeof(mdname
));
2845 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2846 || !TEST_str_eq(mdname
, "SHA512"))
2850 * Test the TEST_PKEY_CTX_set_signature_md() and
2851 * TEST_PKEY_CTX_get_signature_md() functions
2853 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2854 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2855 || !TEST_ptr_eq(md
, EVP_sha256()))
2859 * Test getting MD parameters via an associated EVP_PKEY_CTX
2861 mdctx
= EVP_MD_CTX_new();
2862 if (!TEST_ptr(mdctx
)
2863 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2868 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2869 * able to obtain the digest's settable parameters from the provider.
2871 params
= EVP_MD_CTX_settable_params(mdctx
);
2872 if (!TEST_ptr(params
)
2873 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2874 /* The final key should be NULL */
2875 || !TEST_ptr_null(params
[1].key
))
2879 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2880 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2881 ssl3ms
, sizeof(ssl3ms
));
2882 *param
++ = OSSL_PARAM_construct_end();
2884 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2890 EVP_MD_CTX_free(mdctx
);
2891 EVP_PKEY_CTX_free(ctx
);
2896 #ifndef OPENSSL_NO_DSA
2897 static int test_DSA_get_set_params(void)
2899 OSSL_PARAM_BLD
*bld
= NULL
;
2900 OSSL_PARAM
*params
= NULL
;
2901 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2902 EVP_PKEY_CTX
*pctx
= NULL
;
2903 EVP_PKEY
*pkey
= NULL
;
2907 * Setup the parameters for our DSA object. For our purposes they don't
2908 * have to actually be *valid* parameters. We just need to set something.
2910 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2911 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2912 || !TEST_ptr(p
= BN_new())
2913 || !TEST_ptr(q
= BN_new())
2914 || !TEST_ptr(g
= BN_new())
2915 || !TEST_ptr(pub
= BN_new())
2916 || !TEST_ptr(priv
= BN_new()))
2918 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2919 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2920 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2923 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2926 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2929 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2930 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2934 if (!TEST_ptr(pkey
))
2937 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2940 EVP_PKEY_free(pkey
);
2941 EVP_PKEY_CTX_free(pctx
);
2942 OSSL_PARAM_free(params
);
2943 OSSL_PARAM_BLD_free(bld
);
2954 * Test combinations of private, public, missing and private + public key
2955 * params to ensure they are all accepted
2957 static int test_DSA_priv_pub(void)
2959 return test_EVP_PKEY_ffc_priv_pub("DSA");
2962 #endif /* !OPENSSL_NO_DSA */
2964 static int test_RSA_get_set_params(void)
2966 OSSL_PARAM_BLD
*bld
= NULL
;
2967 OSSL_PARAM
*params
= NULL
;
2968 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2969 EVP_PKEY_CTX
*pctx
= NULL
;
2970 EVP_PKEY
*pkey
= NULL
;
2974 * Setup the parameters for our RSA object. For our purposes they don't
2975 * have to actually be *valid* parameters. We just need to set something.
2977 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2978 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2979 || !TEST_ptr(n
= BN_new())
2980 || !TEST_ptr(e
= BN_new())
2981 || !TEST_ptr(d
= BN_new()))
2983 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2984 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2985 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2987 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2990 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2991 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2995 if (!TEST_ptr(pkey
))
2998 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
3001 EVP_PKEY_free(pkey
);
3002 EVP_PKEY_CTX_free(pctx
);
3003 OSSL_PARAM_free(params
);
3004 OSSL_PARAM_BLD_free(bld
);
3012 static int test_RSA_OAEP_set_get_params(void)
3015 EVP_PKEY
*key
= NULL
;
3016 EVP_PKEY_CTX
*key_ctx
= NULL
;
3018 if (nullprov
!= NULL
)
3019 return TEST_skip("Test does not support a non-default library context");
3021 if (!TEST_ptr(key
= load_example_rsa_key())
3022 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(0, key
, 0)))
3026 int padding
= RSA_PKCS1_OAEP_PADDING
;
3027 OSSL_PARAM params
[4];
3029 params
[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE
, &padding
);
3030 params
[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST
,
3031 OSSL_DIGEST_NAME_SHA2_256
, 0);
3032 params
[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST
,
3033 OSSL_DIGEST_NAME_SHA1
, 0);
3034 params
[3] = OSSL_PARAM_construct_end();
3036 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx
, params
),0))
3040 OSSL_PARAM params
[3];
3041 char oaepmd
[30] = { '\0' };
3042 char mgf1md
[30] = { '\0' };
3044 params
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST
,
3045 oaepmd
, sizeof(oaepmd
));
3046 params
[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST
,
3047 mgf1md
, sizeof(mgf1md
));
3048 params
[2] = OSSL_PARAM_construct_end();
3050 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx
, params
)))
3053 if (!TEST_str_eq(oaepmd
, OSSL_DIGEST_NAME_SHA2_256
)
3054 || !TEST_str_eq(mgf1md
, OSSL_DIGEST_NAME_SHA1
))
3062 EVP_PKEY_CTX_free(key_ctx
);
3067 /* https://github.com/openssl/openssl/issues/21288 */
3068 static int test_RSA_OAEP_set_null_label(void)
3071 EVP_PKEY
*key
= NULL
;
3072 EVP_PKEY_CTX
*key_ctx
= NULL
;
3074 if (!TEST_ptr(key
= load_example_rsa_key())
3075 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, key
, NULL
))
3076 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx
)))
3079 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx
, RSA_PKCS1_OAEP_PADDING
)))
3082 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx
, OPENSSL_strdup("foo"), 0)))
3085 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx
, NULL
, 0)))
3092 EVP_PKEY_CTX_free(key_ctx
);
3097 #ifndef OPENSSL_NO_DEPRECATED_3_0
3098 static int test_RSA_legacy(void)
3106 const EVP_MD
*md
= EVP_sha256();
3107 EVP_MD_CTX
*ctx
= NULL
;
3108 EVP_PKEY
*pkey
= NULL
;
3111 if (nullprov
!= NULL
)
3112 return TEST_skip("Test does not support a non-default library context");
3114 if (!TEST_ptr(p
= BN_dup(BN_value_one()))
3115 || !TEST_ptr(q
= BN_dup(BN_value_one()))
3116 || !TEST_ptr(n
= BN_dup(BN_value_one()))
3117 || !TEST_ptr(e
= BN_dup(BN_value_one()))
3118 || !TEST_ptr(d
= BN_dup(BN_value_one())))
3121 if (!TEST_ptr(rsa
= RSA_new())
3122 || !TEST_ptr(pkey
= EVP_PKEY_new())
3123 || !TEST_ptr(ctx
= EVP_MD_CTX_new()))
3126 if (!TEST_true(RSA_set0_factors(rsa
, p
, q
)))
3131 if (!TEST_true(RSA_set0_key(rsa
, n
, e
, d
)))
3137 if (!TEST_true(EVP_PKEY_assign_RSA(pkey
, rsa
)))
3142 if (!TEST_true(EVP_DigestSignInit(ctx
, NULL
, md
, NULL
, pkey
)))
3149 EVP_MD_CTX_free(ctx
);
3150 EVP_PKEY_free(pkey
);
3161 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3162 static int test_decrypt_null_chunks(void)
3164 EVP_CIPHER_CTX
* ctx
= NULL
;
3165 EVP_CIPHER
*cipher
= NULL
;
3166 const unsigned char key
[32] = {
3167 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3168 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3169 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3171 unsigned char iv
[12] = {
3172 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3174 unsigned char msg
[] = "It was the best of times, it was the worst of times";
3175 unsigned char ciphertext
[80];
3176 unsigned char plaintext
[80];
3177 /* We initialise tmp to a non zero value on purpose */
3178 int ctlen
, ptlen
, tmp
= 99;
3180 const int enc_offset
= 10, dec_offset
= 20;
3182 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
3183 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
3184 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
3186 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
3188 /* Deliberate add a zero length update */
3189 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
3191 || !TEST_int_eq(tmp
, 0)
3192 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
3194 sizeof(msg
) - enc_offset
))
3195 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
3196 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
3197 || !TEST_int_eq(tmp
, 0))
3200 /* Deliberately initialise tmp to a non zero value */
3202 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
3203 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
3206 * Deliberately add a zero length update. We also deliberately do
3207 * this at a different offset than for encryption.
3209 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
3211 || !TEST_int_eq(tmp
, 0)
3212 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
3213 ciphertext
+ dec_offset
,
3214 ctlen
- dec_offset
))
3215 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
3216 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
3217 || !TEST_int_eq(tmp
, 0)
3218 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
3223 EVP_CIPHER_CTX_free(ctx
);
3224 EVP_CIPHER_free(cipher
);
3227 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3229 #ifndef OPENSSL_NO_DH
3231 * Test combinations of private, public, missing and private + public key
3232 * params to ensure they are all accepted
3234 static int test_DH_priv_pub(void)
3236 return test_EVP_PKEY_ffc_priv_pub("DH");
3239 # ifndef OPENSSL_NO_DEPRECATED_3_0
3240 static int test_EVP_PKEY_set1_DH(void)
3242 DH
*x942dh
= NULL
, *noqdh
= NULL
;
3243 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
3245 BIGNUM
*p
, *g
= NULL
;
3246 BIGNUM
*pubkey
= NULL
;
3247 unsigned char pub
[2048 / 8];
3250 if (!TEST_ptr(p
= BN_new())
3251 || !TEST_ptr(g
= BN_new())
3252 || !TEST_ptr(pubkey
= BN_new())
3253 || !TEST_true(BN_set_word(p
, 9999))
3254 || !TEST_true(BN_set_word(g
, 2))
3255 || !TEST_true(BN_set_word(pubkey
, 4321))
3256 || !TEST_ptr(noqdh
= DH_new())
3257 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
3258 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
3259 || !TEST_ptr(pubkey
= BN_new())
3260 || !TEST_true(BN_set_word(pubkey
, 4321)))
3264 x942dh
= DH_get_2048_256();
3265 pkey1
= EVP_PKEY_new();
3266 pkey2
= EVP_PKEY_new();
3267 if (!TEST_ptr(x942dh
)
3271 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
3275 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
3276 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
3279 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
3281 || !TEST_ptr(pubkey
))
3284 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
3285 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
3288 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
3289 OSSL_PKEY_PARAM_PUB_KEY
,
3290 pub
, sizeof(pub
), &len
))
3291 || !TEST_size_t_ne(len
, 0))
3299 EVP_PKEY_free(pkey1
);
3300 EVP_PKEY_free(pkey2
);
3306 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3307 #endif /* !OPENSSL_NO_DH */
3310 * We test what happens with an empty template. For the sake of this test,
3311 * the template must be ignored, and we know that's the case for RSA keys
3312 * (this might arguably be a misfeature, but that's what we currently do,
3313 * even in provider code, since that's how the legacy RSA implementation
3316 static int test_keygen_with_empty_template(int n
)
3318 EVP_PKEY_CTX
*ctx
= NULL
;
3319 EVP_PKEY
*pkey
= NULL
;
3320 EVP_PKEY
*tkey
= NULL
;
3323 if (nullprov
!= NULL
)
3324 return TEST_skip("Test does not support a non-default library context");
3328 /* We do test with no template at all as well */
3329 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
3333 /* Here we create an empty RSA key that serves as our template */
3334 if (!TEST_ptr(tkey
= EVP_PKEY_new())
3335 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
3336 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
3341 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3342 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
3347 EVP_PKEY_CTX_free(ctx
);
3348 EVP_PKEY_free(pkey
);
3349 EVP_PKEY_free(tkey
);
3354 * Test that we fail if we attempt to use an algorithm that is not available
3355 * in the current library context (unless we are using an algorithm that
3356 * should be made available via legacy codepaths).
3361 static int test_pkey_ctx_fail_without_provider(int tst
)
3363 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
3364 OSSL_PROVIDER
*tmpnullprov
= NULL
;
3365 EVP_PKEY_CTX
*pctx
= NULL
;
3366 const char *keytype
= NULL
;
3367 int expect_null
= 0;
3370 if (!TEST_ptr(tmpctx
))
3373 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
3374 if (!TEST_ptr(tmpnullprov
))
3378 * We check for certain algos in the null provider.
3379 * If an algo is expected to have a provider keymgmt, constructing an
3380 * EVP_PKEY_CTX is expected to fail (return NULL).
3381 * Otherwise, if it's expected to have legacy support, constructing an
3382 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3392 #ifdef OPENSSL_NO_EC
3393 TEST_info("EC disable, skipping SM2 check...");
3396 #ifdef OPENSSL_NO_SM2
3397 TEST_info("SM2 disable, skipping SM2 check...");
3402 TEST_error("No test for case %d", tst
);
3406 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
3407 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
3410 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3416 EVP_PKEY_CTX_free(pctx
);
3417 OSSL_PROVIDER_unload(tmpnullprov
);
3418 OSSL_LIB_CTX_free(tmpctx
);
3422 static int test_rand_agglomeration(void)
3426 OSSL_PARAM params
[3], *p
= params
;
3428 unsigned int step
= 7;
3429 static unsigned char seed
[] = "It does not matter how slowly you go "
3430 "as long as you do not stop.";
3431 unsigned char out
[sizeof(seed
)];
3433 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
3434 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
3436 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
3437 EVP_RAND_free(rand
);
3441 memset(out
, 0, sizeof(out
));
3442 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
3443 seed
, sizeof(seed
));
3444 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
3445 *p
= OSSL_PARAM_construct_end();
3446 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
3447 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
3448 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
3449 EVP_RAND_CTX_free(ctx
);
3454 * Test that we correctly return the original or "running" IV after
3455 * an encryption operation.
3456 * Run multiple times for some different relevant algorithms/modes.
3458 static int test_evp_iv_aes(int idx
)
3461 EVP_CIPHER_CTX
*ctx
= NULL
;
3462 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3463 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3464 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
3465 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3466 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3467 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3468 9, 10, 11, 12, 13, 14, 15, 16 };
3469 unsigned char ciphertext
[32], oiv
[16], iv
[16];
3470 unsigned char *ref_iv
;
3471 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3472 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3474 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3475 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3476 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3477 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3478 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3479 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3480 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3481 #ifndef OPENSSL_NO_OCB
3482 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3483 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3485 int len
= sizeof(ciphertext
);
3486 size_t ivlen
, ref_len
;
3487 const EVP_CIPHER
*type
= NULL
;
3490 if (nullprov
!= NULL
&& idx
< 6)
3491 return TEST_skip("Test does not support a non-default library context");
3495 type
= EVP_aes_128_cbc();
3498 type
= (type
!= NULL
) ? type
:
3499 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
3501 ref_len
= sizeof(cbc_state
);
3505 type
= EVP_aes_128_ofb();
3508 type
= (type
!= NULL
) ? type
:
3509 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
3511 ref_len
= sizeof(ofb_state
);
3515 type
= EVP_aes_128_cfb();
3518 type
= (type
!= NULL
) ? type
:
3519 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
3521 ref_len
= sizeof(cfb_state
);
3525 type
= EVP_aes_128_gcm();
3528 type
= (type
!= NULL
) ? type
:
3529 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
3531 ref_len
= sizeof(gcm_state
);
3534 type
= EVP_aes_128_ccm();
3537 type
= (type
!= NULL
) ? type
:
3538 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3540 ref_len
= sizeof(ccm_state
);
3542 #ifdef OPENSSL_NO_OCB
3548 type
= EVP_aes_128_ocb();
3551 type
= (type
!= NULL
) ? type
:
3552 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3554 ref_len
= sizeof(ocb_state
);
3562 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3563 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3564 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3566 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3567 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3568 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3570 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3572 if (!TEST_int_gt(ivlen
, 0))
3575 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3576 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3579 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3580 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3581 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3584 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3587 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3593 EVP_CIPHER_CTX_free(ctx
);
3595 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3599 #ifndef OPENSSL_NO_DES
3600 static int test_evp_iv_des(int idx
)
3603 EVP_CIPHER_CTX
*ctx
= NULL
;
3604 static const unsigned char key
[24] = {
3605 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3606 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3607 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3609 static const unsigned char init_iv
[8] = {
3610 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3612 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3613 9, 10, 11, 12, 13, 14, 15, 16 };
3614 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3615 unsigned const char *ref_iv
;
3616 static const unsigned char cbc_state_des
[8] = {
3617 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3619 static const unsigned char cbc_state_3des
[8] = {
3620 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3622 static const unsigned char ofb_state_des
[8] = {
3623 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3625 static const unsigned char ofb_state_3des
[8] = {
3626 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3628 static const unsigned char cfb_state_des
[8] = {
3629 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3631 static const unsigned char cfb_state_3des
[8] = {
3632 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3634 int len
= sizeof(ciphertext
);
3635 size_t ivlen
, ref_len
;
3636 EVP_CIPHER
*type
= NULL
;
3638 if (lgcyprov
== NULL
&& idx
< 3)
3639 return TEST_skip("Test requires legacy provider to be loaded");
3643 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3644 ref_iv
= cbc_state_des
;
3645 ref_len
= sizeof(cbc_state_des
);
3648 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3649 ref_iv
= ofb_state_des
;
3650 ref_len
= sizeof(ofb_state_des
);
3653 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3654 ref_iv
= cfb_state_des
;
3655 ref_len
= sizeof(cfb_state_des
);
3658 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3659 ref_iv
= cbc_state_3des
;
3660 ref_len
= sizeof(cbc_state_3des
);
3663 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3664 ref_iv
= ofb_state_3des
;
3665 ref_len
= sizeof(ofb_state_3des
);
3668 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3669 ref_iv
= cfb_state_3des
;
3670 ref_len
= sizeof(cfb_state_3des
);
3677 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3678 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3679 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3681 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3682 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3683 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3685 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3687 if (!TEST_int_gt(ivlen
, 0))
3690 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3691 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3694 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3695 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3697 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3702 EVP_CIPHER_CTX_free(ctx
);
3703 EVP_CIPHER_free(type
);
3708 #ifndef OPENSSL_NO_BF
3709 static int test_evp_bf_default_keylen(int idx
)
3712 static const char *algos
[4] = {
3713 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3715 int ivlen
[4] = { 0, 8, 8, 8 };
3716 EVP_CIPHER
*cipher
= NULL
;
3718 if (lgcyprov
== NULL
)
3719 return TEST_skip("Test requires legacy provider to be loaded");
3721 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, algos
[idx
], testpropq
))
3722 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher
), 16)
3723 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher
), ivlen
[idx
]))
3728 EVP_CIPHER_free(cipher
);
3733 #ifndef OPENSSL_NO_EC
3734 static int ecpub_nids
[] = {
3735 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3736 NID_secp384r1
, NID_secp521r1
,
3737 # ifndef OPENSSL_NO_EC2M
3738 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3739 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3741 NID_brainpoolP384r1
, NID_brainpoolP512r1
3744 static int test_ecpub(int idx
)
3746 int ret
= 0, len
, savelen
;
3748 unsigned char buf
[1024];
3750 EVP_PKEY
*pkey
= NULL
;
3751 EVP_PKEY_CTX
*ctx
= NULL
;
3752 # ifndef OPENSSL_NO_DEPRECATED_3_0
3753 const unsigned char *q
;
3754 EVP_PKEY
*pkey2
= NULL
;
3758 if (nullprov
!= NULL
)
3759 return TEST_skip("Test does not support a non-default library context");
3761 nid
= ecpub_nids
[idx
];
3763 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3765 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3766 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
), 0)
3767 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3769 len
= i2d_PublicKey(pkey
, NULL
);
3771 if (!TEST_int_ge(len
, 1)
3772 || !TEST_int_lt(len
, 1024))
3775 len
= i2d_PublicKey(pkey
, &p
);
3776 if (!TEST_int_ge(len
, 1)
3777 || !TEST_int_eq(len
, savelen
))
3780 # ifndef OPENSSL_NO_DEPRECATED_3_0
3781 /* Now try to decode the just-created DER. */
3783 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3784 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3785 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3787 /* EC_KEY ownership transferred */
3789 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3791 /* The keys should match. */
3792 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3799 EVP_PKEY_CTX_free(ctx
);
3800 EVP_PKEY_free(pkey
);
3801 # ifndef OPENSSL_NO_DEPRECATED_3_0
3802 EVP_PKEY_free(pkey2
);
3809 static int test_EVP_rsa_pss_with_keygen_bits(void)
3812 EVP_PKEY_CTX
*ctx
= NULL
;
3813 EVP_PKEY
*pkey
= NULL
;
3816 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3818 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA-PSS", testpropq
)))
3819 && TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3820 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3821 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
), 0)
3822 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3825 EVP_PKEY_free(pkey
);
3826 EVP_PKEY_CTX_free(ctx
);
3830 static int test_EVP_rsa_pss_set_saltlen(void)
3833 EVP_PKEY
*pkey
= NULL
;
3834 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
3835 EVP_MD
*sha256
= NULL
;
3836 EVP_MD_CTX
*sha256_ctx
= NULL
;
3837 int saltlen
= 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3838 const int test_value
= 32;
3840 ret
= TEST_ptr(pkey
= load_example_rsa_key())
3841 && TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", NULL
))
3842 && TEST_ptr(sha256_ctx
= EVP_MD_CTX_new())
3843 && TEST_true(EVP_DigestSignInit(sha256_ctx
, &pkey_ctx
, sha256
, NULL
, pkey
))
3844 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx
, RSA_PKCS1_PSS_PADDING
))
3845 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx
, test_value
), 0)
3846 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx
, &saltlen
), 0)
3847 && TEST_int_eq(saltlen
, test_value
);
3849 EVP_MD_CTX_free(sha256_ctx
);
3850 EVP_PKEY_free(pkey
);
3851 EVP_MD_free(sha256
);
3856 static int success
= 1;
3857 static void md_names(const char *name
, void *vctx
)
3859 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3860 /* Force a namemap update */
3861 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3863 if (!TEST_ptr(aes128
))
3866 EVP_CIPHER_free(aes128
);
3870 * Test that changing the namemap in a user callback works in a names_do_all
3873 static int test_names_do_all(void)
3875 /* We use a custom libctx so that we know the state of the namemap */
3876 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3877 EVP_MD
*sha256
= NULL
;
3883 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3884 if (!TEST_ptr(sha256
))
3888 * We loop through all the names for a given digest. This should still work
3889 * even if the namemap changes part way through.
3891 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3894 if (!TEST_true(success
))
3899 EVP_MD_free(sha256
);
3900 OSSL_LIB_CTX_free(ctx
);
3906 const unsigned char *key
;
3907 const unsigned char *iv
;
3908 const unsigned char *input
;
3909 const unsigned char *expected
;
3910 const unsigned char *tag
;
3911 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3920 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3922 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3923 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3927 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3928 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3929 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3930 sizeof(gcmDefaultTag
), 1, 0, 1
3933 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3934 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3938 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3939 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3940 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3941 sizeof(gcmDefaultTag
), 0, 0, 1
3944 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3945 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3949 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3950 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3951 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3952 sizeof(gcmDefaultTag
), 1, 1, 0
3955 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3956 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3960 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3961 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3962 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3963 sizeof(gcmDefaultTag
), 0, 1, 0
3967 /* use same key, iv and plaintext for cfb and ofb */
3968 static const EVP_INIT_TEST_st evp_reinit_tests
[] = {
3970 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext_partial
,
3971 cfbCiphertext_partial
, NULL
, 0, sizeof(cfbPlaintext_partial
),
3972 sizeof(cfbCiphertext_partial
), 0, 0, 1, 0
3975 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext_partial
,
3976 cfbPlaintext_partial
, NULL
, 0, sizeof(cfbCiphertext_partial
),
3977 sizeof(cfbPlaintext_partial
), 0, 0, 0, 0
3980 "aes-128-ofb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext_partial
,
3981 ofbCiphertext_partial
, NULL
, 0, sizeof(cfbPlaintext_partial
),
3982 sizeof(ofbCiphertext_partial
), 0, 0, 1, 0
3985 "aes-128-ofb", kCFBDefaultKey
, iCFBIV
, ofbCiphertext_partial
,
3986 cfbPlaintext_partial
, NULL
, 0, sizeof(ofbCiphertext_partial
),
3987 sizeof(cfbPlaintext_partial
), 0, 0, 0, 0
3991 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3995 if (t
->ivlen
!= 0) {
3996 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
), 0))
3999 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
4007 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
4008 * arguments are given one at a time and a final adjustment to the enc
4009 * parameter sets the correct operation.
4011 static int test_evp_init_seq(int idx
)
4013 int outlen1
, outlen2
;
4015 unsigned char outbuf
[1024];
4016 unsigned char tag
[16];
4017 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
4018 EVP_CIPHER_CTX
*ctx
= NULL
;
4019 EVP_CIPHER
*type
= NULL
;
4020 size_t taglen
= sizeof(tag
);
4021 char *errmsg
= NULL
;
4023 ctx
= EVP_CIPHER_CTX_new();
4025 errmsg
= "CTX_ALLOC";
4028 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
4029 errmsg
= "CIPHER_FETCH";
4032 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
4033 errmsg
= "EMPTY_ENC_INIT";
4036 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
4040 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
4041 errmsg
= "KEY_INIT (before iv)";
4044 if (!evp_init_seq_set_iv(ctx
, t
)) {
4048 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
4049 errmsg
= "KEY_INIT (after iv)";
4052 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
4053 errmsg
= "FINAL_ENC_INIT";
4056 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
4057 errmsg
= "CIPHER_UPDATE";
4060 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
4061 /* Set expected tag */
4062 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
4063 t
->taglen
, (void *)t
->tag
), 0)) {
4068 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4069 errmsg
= "CIPHER_FINAL";
4072 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
4073 errmsg
= "WRONG_RESULT";
4076 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
4077 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
4081 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
4082 errmsg
= "TAG_ERROR";
4089 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
4090 EVP_CIPHER_CTX_free(ctx
);
4091 EVP_CIPHER_free(type
);
4096 * Test re-initialization of cipher context without changing key or iv.
4097 * The result of both iteration should be the same.
4099 static int test_evp_reinit_seq(int idx
)
4101 int outlen1
, outlen2
, outlen_final
;
4103 unsigned char outbuf1
[1024];
4104 unsigned char outbuf2
[1024];
4105 const EVP_INIT_TEST_st
*t
= &evp_reinit_tests
[idx
];
4106 EVP_CIPHER_CTX
*ctx
= NULL
;
4107 EVP_CIPHER
*type
= NULL
;
4109 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4110 || !TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))
4111 /* setup cipher context */
4112 || !TEST_true(EVP_CipherInit_ex2(ctx
, type
, t
->key
, t
->iv
, t
->initenc
, NULL
))
4113 /* first iteration */
4114 || !TEST_true(EVP_CipherUpdate(ctx
, outbuf1
, &outlen1
, t
->input
, t
->inlen
))
4115 || !TEST_true(EVP_CipherFinal_ex(ctx
, outbuf1
, &outlen_final
))
4116 /* check test results iteration 1 */
4117 || !TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf1
, outlen1
+ outlen_final
)
4118 /* now re-init the context (same cipher, key and iv) */
4119 || !TEST_true(EVP_CipherInit_ex2(ctx
, NULL
, NULL
, NULL
, -1, NULL
))
4120 /* second iteration */
4121 || !TEST_true(EVP_CipherUpdate(ctx
, outbuf2
, &outlen2
, t
->input
, t
->inlen
))
4122 || !TEST_true(EVP_CipherFinal_ex(ctx
, outbuf2
, &outlen_final
))
4123 /* check test results iteration 2 */
4124 || !TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf2
, outlen2
+ outlen_final
))
4128 EVP_CIPHER_CTX_free(ctx
);
4129 EVP_CIPHER_free(type
);
4134 const unsigned char *input
;
4135 const unsigned char *expected
;
4139 } EVP_RESET_TEST_st
;
4141 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
4143 cfbPlaintext
, cfbCiphertext
,
4144 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
4147 cfbCiphertext
, cfbPlaintext
,
4148 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
4153 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4156 static int test_evp_reset(int idx
)
4158 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
4159 int outlen1
, outlen2
;
4161 unsigned char outbuf
[1024];
4162 EVP_CIPHER_CTX
*ctx
= NULL
;
4163 EVP_CIPHER
*type
= NULL
;
4164 char *errmsg
= NULL
;
4166 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
4167 errmsg
= "CTX_ALLOC";
4170 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
4171 errmsg
= "CIPHER_FETCH";
4174 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
4175 errmsg
= "CIPHER_INIT";
4178 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
4182 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
4183 errmsg
= "CIPHER_UPDATE";
4186 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4187 errmsg
= "CIPHER_FINAL";
4190 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
4191 errmsg
= "WRONG_RESULT";
4194 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
4195 errmsg
= "CIPHER_REINIT";
4198 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
4199 errmsg
= "CIPHER_UPDATE (reinit)";
4202 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4203 errmsg
= "CIPHER_FINAL (reinit)";
4206 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
4207 errmsg
= "WRONG_RESULT (reinit)";
4213 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
4214 EVP_CIPHER_CTX_free(ctx
);
4215 EVP_CIPHER_free(type
);
4222 } EVP_UPDATED_IV_TEST_st
;
4224 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
4264 * Test that the IV in the context is updated during a crypto operation for CFB
4267 static int test_evp_updated_iv(int idx
)
4269 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
4270 int outlen1
, outlen2
;
4272 unsigned char outbuf
[1024];
4273 EVP_CIPHER_CTX
*ctx
= NULL
;
4274 EVP_CIPHER
*type
= NULL
;
4275 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
4277 char *errmsg
= NULL
;
4279 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
4280 errmsg
= "CTX_ALLOC";
4283 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
4284 TEST_info("cipher %s not supported, skipping", t
->cipher
);
4288 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
4289 errmsg
= "CIPHER_INIT";
4292 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
4296 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
4297 errmsg
= "CIPHER_UPDATE";
4300 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
4301 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
4304 iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
);
4305 if (!TEST_int_ge(iv_len
,0)) {
4306 errmsg
= "CIPHER_CTX_GET_IV_LEN";
4309 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
4310 errmsg
= "IV_NOT_UPDATED";
4313 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4314 errmsg
= "CIPHER_FINAL";
4321 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
4322 EVP_CIPHER_CTX_free(ctx
);
4323 EVP_CIPHER_free(type
);
4328 const unsigned char *iv1
;
4329 const unsigned char *iv2
;
4330 const unsigned char *expected1
;
4331 const unsigned char *expected2
;
4332 const unsigned char *tag1
;
4333 const unsigned char *tag2
;
4336 size_t expectedlen1
;
4337 size_t expectedlen2
;
4338 } TEST_GCM_IV_REINIT_st
;
4340 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
4342 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
4343 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
4344 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
4347 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
4348 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
4349 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
4353 static int test_gcm_reinit(int idx
)
4355 int outlen1
, outlen2
, outlen3
;
4357 unsigned char outbuf
[1024];
4358 unsigned char tag
[16];
4359 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
4360 EVP_CIPHER_CTX
*ctx
= NULL
;
4361 EVP_CIPHER
*type
= NULL
;
4362 size_t taglen
= sizeof(tag
);
4363 char *errmsg
= NULL
;
4365 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
4366 errmsg
= "CTX_ALLOC";
4369 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
4370 errmsg
= "CIPHER_FETCH";
4373 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
4374 errmsg
= "ENC_INIT";
4377 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
), 0)) {
4378 errmsg
= "SET_IVLEN1";
4381 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
4385 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
4389 EVP_CIPHER_CTX_set_padding(ctx
, 0);
4390 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
4391 sizeof(gcmResetPlaintext
)))) {
4392 errmsg
= "CIPHER_UPDATE1";
4395 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4396 errmsg
= "CIPHER_FINAL1";
4399 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
4400 errmsg
= "WRONG_RESULT1";
4403 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
4404 errmsg
= "GET_TAG1";
4407 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
4408 errmsg
= "TAG_ERROR1";
4412 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
), 0)) {
4413 errmsg
= "SET_IVLEN2";
4416 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
4420 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
4424 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
4425 sizeof(gcmResetPlaintext
)))) {
4426 errmsg
= "CIPHER_UPDATE2";
4429 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4430 errmsg
= "CIPHER_FINAL2";
4433 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
4434 errmsg
= "WRONG_RESULT2";
4437 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
4438 errmsg
= "GET_TAG2";
4441 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
4442 errmsg
= "TAG_ERROR2";
4448 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
4449 EVP_CIPHER_CTX_free(ctx
);
4450 EVP_CIPHER_free(type
);
4454 static const char *ivlen_change_ciphers
[] = {
4456 #ifndef OPENSSL_NO_OCB
4462 /* Negative test for ivlen change after iv being set */
4463 static int test_ivlen_change(int idx
)
4467 unsigned char outbuf
[1024];
4468 static const unsigned char iv
[] = {
4469 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4470 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4472 EVP_CIPHER_CTX
*ctx
= NULL
;
4473 EVP_CIPHER
*ciph
= NULL
;
4474 OSSL_PARAM params
[] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
4475 size_t ivlen
= 13; /* non-default IV length */
4477 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new()))
4480 if (!TEST_ptr(ciph
= EVP_CIPHER_fetch(testctx
, ivlen_change_ciphers
[idx
],
4484 if (!TEST_true(EVP_CipherInit_ex(ctx
, ciph
, NULL
, kGCMDefaultKey
, iv
, 1)))
4487 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen
, gcmDefaultPlaintext
,
4488 sizeof(gcmDefaultPlaintext
))))
4491 params
[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN
,
4493 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx
, params
)))
4497 if (!TEST_false(EVP_CipherUpdate(ctx
, outbuf
, &outlen
, gcmDefaultPlaintext
,
4498 sizeof(gcmDefaultPlaintext
)))) {
4499 ERR_clear_last_mark();
4506 EVP_CIPHER_CTX_free(ctx
);
4507 EVP_CIPHER_free(ciph
);
4511 static const char *keylen_change_ciphers
[] = {
4512 #ifndef OPENSSL_NO_BF
4515 #ifndef OPENSSL_NO_CAST
4518 #ifndef OPENSSL_NO_RC2
4521 #ifndef OPENSSL_NO_RC4
4524 #ifndef OPENSSL_NO_RC5
4530 /* Negative test for keylen change after key was set */
4531 static int test_keylen_change(int idx
)
4535 unsigned char outbuf
[1024];
4536 static const unsigned char key
[] = {
4537 0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
4538 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34
4540 EVP_CIPHER_CTX
*ctx
= NULL
;
4541 EVP_CIPHER
*ciph
= NULL
;
4542 OSSL_PARAM params
[] = { OSSL_PARAM_END
, OSSL_PARAM_END
};
4543 size_t keylen
= 12; /* non-default key length */
4545 if (lgcyprov
== NULL
)
4546 return TEST_skip("Test requires legacy provider to be loaded");
4548 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new()))
4551 if (!TEST_ptr(ciph
= EVP_CIPHER_fetch(testctx
, keylen_change_ciphers
[idx
],
4555 if (!TEST_true(EVP_CipherInit_ex(ctx
, ciph
, NULL
, key
, NULL
, 1)))
4558 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen
, gcmDefaultPlaintext
,
4559 sizeof(gcmDefaultPlaintext
))))
4562 params
[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN
,
4564 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx
, params
)))
4568 if (!TEST_false(EVP_CipherUpdate(ctx
, outbuf
, &outlen
, gcmDefaultPlaintext
,
4569 sizeof(gcmDefaultPlaintext
)))) {
4570 ERR_clear_last_mark();
4577 EVP_CIPHER_CTX_free(ctx
);
4578 EVP_CIPHER_free(ciph
);
4582 #ifndef OPENSSL_NO_DEPRECATED_3_0
4583 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
4584 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
4586 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4588 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
4590 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
4592 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
4596 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
4598 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
4600 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
4604 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
4605 size_t *outlen
, const unsigned char *in
,
4608 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
4609 const unsigned char *tbs
, size_t tbslen
);
4611 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
4612 return psign(ctx
, out
, outlen
, in
, inlen
);
4615 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
4616 size_t *siglen
, const unsigned char *tbs
,
4619 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
4620 const unsigned char *tbs
, size_t tbslen
);
4622 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
4623 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
4626 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
4629 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
4631 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
4632 return pderive(ctx
, key
, keylen
);
4635 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
4637 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
4639 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
4640 return pcopy(dst
, src
);
4643 static int ctrl_called
;
4645 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
4647 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
4649 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
4651 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
4656 return pctrl(ctx
, type
, p1
, p2
);
4659 static int test_custom_pmeth(int idx
)
4661 EVP_PKEY_CTX
*pctx
= NULL
;
4662 EVP_MD_CTX
*ctx
= NULL
;
4663 EVP_PKEY
*pkey
= NULL
;
4664 int id
, orig_id
, orig_flags
;
4667 unsigned char *res
= NULL
;
4668 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
4669 const EVP_MD
*md
= EVP_sha256();
4674 /* We call deprecated APIs so this test doesn't support a custom libctx */
4675 if (testctx
!= NULL
)
4682 pkey
= load_example_rsa_key();
4686 # ifndef OPENSSL_NO_DSA
4688 pkey
= load_example_dsa_key();
4695 # ifndef OPENSSL_NO_EC
4697 pkey
= load_example_ec_key();
4704 # ifndef OPENSSL_NO_ECX
4705 id
= EVP_PKEY_ED25519
;
4707 pkey
= load_example_ed25519_key();
4714 # ifndef OPENSSL_NO_DH
4717 pkey
= load_example_dh_key();
4724 # ifndef OPENSSL_NO_ECX
4725 id
= EVP_PKEY_X25519
;
4727 pkey
= load_example_x25519_key();
4733 TEST_error("Should not happen");
4737 if (!TEST_ptr(pkey
))
4741 if (!TEST_true(evp_pkey_is_provided(pkey
)))
4744 EVP_PKEY
*tmp
= pkey
;
4746 /* Convert to a legacy key */
4747 pkey
= EVP_PKEY_new();
4748 if (!TEST_ptr(pkey
)) {
4752 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
4757 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
4761 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
4765 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
4766 if (!TEST_int_eq(orig_id
, id
)
4767 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
4770 if (id
== EVP_PKEY_ED25519
) {
4771 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
4772 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
4773 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
4775 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
4777 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
4778 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
4779 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
4780 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
4782 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
4783 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
4787 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
4789 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4790 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4791 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4793 || !TEST_int_eq(ctrl_called
, 1)
4794 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4795 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4796 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4797 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4800 ctx
= EVP_MD_CTX_new();
4801 reslen
= EVP_PKEY_size(pkey
);
4802 res
= OPENSSL_malloc(reslen
);
4805 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4806 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4807 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4809 || !TEST_int_eq(ctrl_called
, 1))
4812 if (id
== EVP_PKEY_ED25519
) {
4813 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4816 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4817 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4825 EVP_MD_CTX_free(ctx
);
4827 EVP_PKEY_CTX_free(pctx
);
4828 EVP_PKEY_free(pkey
);
4829 EVP_PKEY_meth_remove(custom_pmeth
);
4830 EVP_PKEY_meth_free(custom_pmeth
);
4831 custom_pmeth
= NULL
;
4835 static int test_evp_md_cipher_meth(void)
4837 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4838 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4841 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4847 EVP_MD_meth_free(md
);
4848 EVP_CIPHER_meth_free(ciph
);
4857 static int custom_md_init_called
= 0;
4858 static int custom_md_cleanup_called
= 0;
4860 static int custom_md_init(EVP_MD_CTX
*ctx
)
4862 custom_dgst_ctx
*p
= EVP_MD_CTX_md_data(ctx
);
4867 custom_md_init_called
++;
4871 static int custom_md_cleanup(EVP_MD_CTX
*ctx
)
4873 custom_dgst_ctx
*p
= EVP_MD_CTX_md_data(ctx
);
4879 custom_md_cleanup_called
++;
4883 static int test_custom_md_meth(void)
4885 EVP_MD_CTX
*mdctx
= NULL
;
4887 char mess
[] = "Test Message\n";
4888 unsigned char md_value
[EVP_MAX_MD_SIZE
];
4889 unsigned int md_len
;
4894 * We are testing deprecated functions. We don't support a non-default
4895 * library context in this test.
4897 if (testctx
!= NULL
)
4898 return TEST_skip("Non-default libctx");
4900 custom_md_init_called
= custom_md_cleanup_called
= 0;
4902 nid
= OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4903 if (!TEST_int_ne(nid
, NID_undef
))
4905 tmp
= EVP_MD_meth_new(nid
, NID_undef
);
4909 if (!TEST_true(EVP_MD_meth_set_init(tmp
, custom_md_init
))
4910 || !TEST_true(EVP_MD_meth_set_cleanup(tmp
, custom_md_cleanup
))
4911 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp
,
4912 sizeof(custom_dgst_ctx
))))
4915 mdctx
= EVP_MD_CTX_new();
4916 if (!TEST_ptr(mdctx
)
4918 * Initing our custom md and then initing another md should
4919 * result in the init and cleanup functions of the custom md
4922 || !TEST_true(EVP_DigestInit_ex(mdctx
, tmp
, NULL
))
4923 || !TEST_true(EVP_DigestInit_ex(mdctx
, EVP_sha256(), NULL
))
4924 || !TEST_true(EVP_DigestUpdate(mdctx
, mess
, strlen(mess
)))
4925 || !TEST_true(EVP_DigestFinal_ex(mdctx
, md_value
, &md_len
))
4926 || !TEST_int_eq(custom_md_init_called
, 1)
4927 || !TEST_int_eq(custom_md_cleanup_called
, 1))
4932 EVP_MD_CTX_free(mdctx
);
4933 EVP_MD_meth_free(tmp
);
4941 static int custom_ciph_init_called
= 0;
4942 static int custom_ciph_cleanup_called
= 0;
4944 static int custom_ciph_init(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
4945 const unsigned char *iv
, int enc
)
4947 custom_ciph_ctx
*p
= EVP_CIPHER_CTX_get_cipher_data(ctx
);
4952 custom_ciph_init_called
++;
4956 static int custom_ciph_cleanup(EVP_CIPHER_CTX
*ctx
)
4958 custom_ciph_ctx
*p
= EVP_CIPHER_CTX_get_cipher_data(ctx
);
4964 custom_ciph_cleanup_called
++;
4968 static int test_custom_ciph_meth(void)
4970 EVP_CIPHER_CTX
*ciphctx
= NULL
;
4971 EVP_CIPHER
*tmp
= NULL
;
4976 * We are testing deprecated functions. We don't support a non-default
4977 * library context in this test.
4979 if (testctx
!= NULL
)
4980 return TEST_skip("Non-default libctx");
4982 custom_ciph_init_called
= custom_ciph_cleanup_called
= 0;
4984 nid
= OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4985 if (!TEST_int_ne(nid
, NID_undef
))
4987 tmp
= EVP_CIPHER_meth_new(nid
, 16, 16);
4991 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp
, custom_ciph_init
))
4992 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp
, EVP_CIPH_ALWAYS_CALL_INIT
))
4993 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp
, custom_ciph_cleanup
))
4994 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp
,
4995 sizeof(custom_ciph_ctx
))))
4998 ciphctx
= EVP_CIPHER_CTX_new();
4999 if (!TEST_ptr(ciphctx
)
5001 * Initing our custom cipher and then initing another cipher
5002 * should result in the init and cleanup functions of the custom
5003 * cipher being called.
5005 || !TEST_true(EVP_CipherInit_ex(ciphctx
, tmp
, NULL
, NULL
, NULL
, 1))
5006 || !TEST_true(EVP_CipherInit_ex(ciphctx
, EVP_aes_128_cbc(), NULL
,
5008 || !TEST_int_eq(custom_ciph_init_called
, 1)
5009 || !TEST_int_eq(custom_ciph_cleanup_called
, 1))
5014 EVP_CIPHER_CTX_free(ciphctx
);
5015 EVP_CIPHER_meth_free(tmp
);
5019 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5020 /* Test we can create a signature keys with an associated ENGINE */
5021 static int test_signatures_with_engine(int tst
)
5024 const char *engine_id
= "dasync";
5025 EVP_PKEY
*pkey
= NULL
;
5026 const unsigned char badcmackey
[] = { 0x00, 0x01 };
5027 const unsigned char cmackey
[] = {
5028 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5029 0x0c, 0x0d, 0x0e, 0x0f
5031 const unsigned char ed25519key
[] = {
5032 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5033 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
5034 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
5036 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
5038 EVP_MD_CTX
*ctx
= NULL
;
5039 unsigned char *mac
= NULL
;
5043 # ifdef OPENSSL_NO_CMAC
5044 /* Skip CMAC tests in a no-cmac build */
5048 # ifdef OPENSSL_NO_ECX
5049 /* Skip ECX tests in a no-ecx build */
5054 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
5057 if (!TEST_true(ENGINE_init(e
))) {
5064 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
5068 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
5072 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
5073 sizeof(ed25519key
));
5076 TEST_error("Invalid test case");
5079 if (!TEST_ptr(pkey
))
5082 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
5085 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
5088 if (!TEST_true(ret
))
5091 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
5092 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
5095 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
5098 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
5101 /* We used a bad key. We expect a failure here */
5102 if (!TEST_false(ret
))
5108 EVP_MD_CTX_free(ctx
);
5110 EVP_PKEY_free(pkey
);
5117 static int test_cipher_with_engine(void)
5120 const char *engine_id
= "dasync";
5121 const unsigned char keyiv
[] = {
5122 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
5123 0x0c, 0x0d, 0x0e, 0x0f
5125 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
5127 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
5128 unsigned char buf
[AES_BLOCK_SIZE
];
5131 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
5134 if (!TEST_true(ENGINE_init(e
))) {
5139 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
5140 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
5143 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
5146 /* Copy the ctx, and complete the operation with the new ctx */
5147 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
5150 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
5151 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
5156 EVP_CIPHER_CTX_free(ctx
);
5157 EVP_CIPHER_CTX_free(ctx2
);
5163 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
5164 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
5166 #ifndef OPENSSL_NO_ECX
5167 static int ecxnids
[] = {
5174 /* Test that creating ECX keys with a short private key fails as expected */
5175 static int test_ecx_short_keys(int tst
)
5177 unsigned char ecxkeydata
= 1;
5181 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, OBJ_nid2sn(ecxnids
[tst
]),
5182 NULL
, &ecxkeydata
, 1);
5183 if (!TEST_ptr_null(pkey
)) {
5184 EVP_PKEY_free(pkey
);
5192 typedef enum OPTION_choice
{
5199 const OPTIONS
*test_get_options(void)
5201 static const OPTIONS options
[] = {
5202 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
5203 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
5209 #ifndef OPENSSL_NO_ECX
5210 /* Test that trying to sign with a public key errors out gracefully */
5211 static int test_ecx_not_private_key(int tst
)
5213 EVP_PKEY
*pkey
= NULL
;
5215 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
5217 EVP_MD_CTX
*ctx
= NULL
;
5218 unsigned char *mac
= NULL
;
5220 unsigned char *pubkey
;
5223 switch (keys
[tst
].type
) {
5226 return TEST_skip("signing not supported for X25519/X448");
5229 /* Check if this algorithm supports public keys */
5230 if (keys
[tst
].pub
== NULL
)
5231 return TEST_skip("no public key present");
5233 pubkey
= (unsigned char *)keys
[tst
].pub
;
5234 pubkeylen
= strlen(keys
[tst
].pub
);
5236 pkey
= EVP_PKEY_new_raw_public_key_ex(testctx
, OBJ_nid2sn(keys
[tst
].type
),
5237 NULL
, pubkey
, pubkeylen
);
5238 if (!TEST_ptr(pkey
))
5241 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
5244 if (EVP_DigestSignInit(ctx
, NULL
, NULL
, NULL
, pkey
) != 1)
5247 if (EVP_DigestSign(ctx
, NULL
, &maclen
, msg
, sizeof(msg
)) != 1)
5250 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
5253 if (!TEST_int_eq(EVP_DigestSign(ctx
, mac
, &maclen
, msg
, sizeof(msg
)), 0))
5258 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
5259 * but we relax the check to allow error also thrown by
5260 * EVP_DigestSignInit and EVP_DigestSign.
5262 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY
) {
5268 EVP_MD_CTX_free(ctx
);
5270 EVP_PKEY_free(pkey
);
5274 #endif /* OPENSSL_NO_ECX */
5276 static int test_sign_continuation(void)
5278 OSSL_PROVIDER
*fake_rsa
= NULL
;
5280 EVP_PKEY
*pkey
= NULL
;
5281 EVP_PKEY_CTX
*pctx
= NULL
;
5282 EVP_MD_CTX
*mctx
= NULL
;
5283 const char sigbuf
[] = "To Be Signed";
5284 unsigned char signature
[256];
5285 size_t siglen
= 256;
5286 static int nodupnum
= 1;
5287 static const OSSL_PARAM nodup_params
[] = {
5288 OSSL_PARAM_int("NO_DUP", &nodupnum
),
5292 if (!TEST_ptr(fake_rsa
= fake_rsa_start(testctx
)))
5295 /* Construct a pkey using precise propq to use our provider */
5296 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA",
5297 "provider=fake-rsa"))
5298 || !TEST_true(EVP_PKEY_fromdata_init(pctx
))
5299 || !TEST_true(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
, NULL
))
5303 /* First test it continues (classic behavior) */
5304 if (!TEST_ptr(mctx
= EVP_MD_CTX_new())
5305 || !TEST_true(EVP_DigestSignInit_ex(mctx
, NULL
, NULL
, testctx
,
5307 || !TEST_true(EVP_DigestSignUpdate(mctx
, sigbuf
, sizeof(sigbuf
)))
5308 || !TEST_true(EVP_DigestSignFinal(mctx
, signature
, &siglen
))
5309 || !TEST_true(EVP_DigestSignUpdate(mctx
, sigbuf
, sizeof(sigbuf
)))
5310 || !TEST_true(EVP_DigestSignFinal(mctx
, signature
, &siglen
)))
5313 EVP_MD_CTX_free(mctx
);
5315 /* try again but failing the continuation */
5316 if (!TEST_ptr(mctx
= EVP_MD_CTX_new())
5317 || !TEST_true(EVP_DigestSignInit_ex(mctx
, NULL
, NULL
, testctx
,
5318 NULL
, pkey
, nodup_params
))
5319 || !TEST_true(EVP_DigestSignUpdate(mctx
, sigbuf
, sizeof(sigbuf
)))
5320 || !TEST_true(EVP_DigestSignFinal(mctx
, signature
, &siglen
))
5321 || !TEST_false(EVP_DigestSignUpdate(mctx
, sigbuf
, sizeof(sigbuf
)))
5322 || !TEST_false(EVP_DigestSignFinal(mctx
, signature
, &siglen
)))
5328 EVP_MD_CTX_free(mctx
);
5329 EVP_PKEY_free(pkey
);
5330 EVP_PKEY_CTX_free(pctx
);
5331 fake_rsa_finish(fake_rsa
);
5335 static int aes_gcm_encrypt(const unsigned char *gcm_key
, size_t gcm_key_s
,
5336 const unsigned char *gcm_iv
, size_t gcm_ivlen
,
5337 const unsigned char *gcm_pt
, size_t gcm_pt_s
,
5338 const unsigned char *gcm_aad
, size_t gcm_aad_s
,
5339 const unsigned char *gcm_ct
, size_t gcm_ct_s
,
5340 const unsigned char *gcm_tag
, size_t gcm_tag_s
)
5343 EVP_CIPHER_CTX
*ctx
;
5344 EVP_CIPHER
*cipher
= NULL
;
5346 unsigned char outbuf
[1024];
5347 unsigned char outtag
[16];
5348 OSSL_PARAM params
[2] = {
5349 OSSL_PARAM_END
, OSSL_PARAM_END
5352 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
5353 || !TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "AES-256-GCM", "")))
5356 params
[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN
,
5359 if (!TEST_true(EVP_EncryptInit_ex2(ctx
, cipher
, gcm_key
, gcm_iv
, params
))
5361 && !TEST_true(EVP_EncryptUpdate(ctx
, NULL
, &outlen
,
5362 gcm_aad
, gcm_aad_s
)))
5363 || !TEST_true(EVP_EncryptUpdate(ctx
, outbuf
, &outlen
,
5365 || !TEST_true(EVP_EncryptFinal_ex(ctx
, outbuf
, &tmplen
)))
5368 params
[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG
,
5369 outtag
, sizeof(outtag
));
5371 if (!TEST_true(EVP_CIPHER_CTX_get_params(ctx
, params
))
5372 || !TEST_mem_eq(outbuf
, outlen
, gcm_ct
, gcm_ct_s
)
5373 || !TEST_mem_eq(outtag
, gcm_tag_s
, gcm_tag
, gcm_tag_s
))
5378 EVP_CIPHER_free(cipher
);
5379 EVP_CIPHER_CTX_free(ctx
);
5384 static int aes_gcm_decrypt(const unsigned char *gcm_key
, size_t gcm_key_s
,
5385 const unsigned char *gcm_iv
, size_t gcm_ivlen
,
5386 const unsigned char *gcm_pt
, size_t gcm_pt_s
,
5387 const unsigned char *gcm_aad
, size_t gcm_aad_s
,
5388 const unsigned char *gcm_ct
, size_t gcm_ct_s
,
5389 const unsigned char *gcm_tag
, size_t gcm_tag_s
)
5392 EVP_CIPHER_CTX
*ctx
;
5393 EVP_CIPHER
*cipher
= NULL
;
5395 unsigned char outbuf
[1024];
5396 OSSL_PARAM params
[2] = {
5397 OSSL_PARAM_END
, OSSL_PARAM_END
5400 if ((ctx
= EVP_CIPHER_CTX_new()) == NULL
)
5403 if ((cipher
= EVP_CIPHER_fetch(testctx
, "AES-256-GCM", "")) == NULL
)
5406 params
[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_AEAD_IVLEN
,
5409 if (!TEST_true(EVP_DecryptInit_ex2(ctx
, cipher
, gcm_key
, gcm_iv
, params
))
5411 && !TEST_true(EVP_DecryptUpdate(ctx
, NULL
, &outlen
,
5412 gcm_aad
, gcm_aad_s
)))
5413 || !TEST_true(EVP_DecryptUpdate(ctx
, outbuf
, &outlen
,
5415 || !TEST_mem_eq(outbuf
, outlen
, gcm_pt
, gcm_pt_s
))
5418 params
[0] = OSSL_PARAM_construct_octet_string(OSSL_CIPHER_PARAM_AEAD_TAG
,
5419 (void*)gcm_tag
, gcm_tag_s
);
5421 if (!TEST_true(EVP_CIPHER_CTX_set_params(ctx
, params
))
5422 ||!TEST_true(EVP_DecryptFinal_ex(ctx
, outbuf
, &outlen
)))
5427 EVP_CIPHER_free(cipher
);
5428 EVP_CIPHER_CTX_free(ctx
);
5433 static int test_aes_gcm_ivlen_change_cve_2023_5363(void)
5435 /* AES-GCM test data obtained from NIST public test vectors */
5436 static const unsigned char gcm_key
[] = {
5437 0xd0, 0xc2, 0x67, 0xc1, 0x9f, 0x30, 0xd8, 0x0b, 0x89, 0x14, 0xbb, 0xbf,
5438 0xb7, 0x2f, 0x73, 0xb8, 0xd3, 0xcd, 0x5f, 0x6a, 0x78, 0x70, 0x15, 0x84,
5439 0x8a, 0x7b, 0x30, 0xe3, 0x8f, 0x16, 0xf1, 0x8b,
5441 static const unsigned char gcm_iv
[] = {
5442 0xb6, 0xdc, 0xda, 0x95, 0xac, 0x99, 0x77, 0x76, 0x25, 0xae, 0x87, 0xf8,
5443 0xa3, 0xa9, 0xdd, 0x64, 0xd7, 0x9b, 0xbd, 0x5f, 0x4a, 0x0e, 0x54, 0xca,
5444 0x1a, 0x9f, 0xa2, 0xe3, 0xf4, 0x5f, 0x5f, 0xc2, 0xce, 0xa7, 0xb6, 0x14,
5445 0x12, 0x6f, 0xf0, 0xaf, 0xfd, 0x3e, 0x17, 0x35, 0x6e, 0xa0, 0x16, 0x09,
5446 0xdd, 0xa1, 0x3f, 0xd8, 0xdd, 0xf3, 0xdf, 0x4f, 0xcb, 0x18, 0x49, 0xb8,
5447 0xb3, 0x69, 0x2c, 0x5d, 0x4f, 0xad, 0x30, 0x91, 0x08, 0xbc, 0xbe, 0x24,
5448 0x01, 0x0f, 0xbe, 0x9c, 0xfb, 0x4f, 0x5d, 0x19, 0x7f, 0x4c, 0x53, 0xb0,
5449 0x95, 0x90, 0xac, 0x7b, 0x1f, 0x7b, 0xa0, 0x99, 0xe1, 0xf3, 0x48, 0x54,
5450 0xd0, 0xfc, 0xa9, 0xcc, 0x91, 0xf8, 0x1f, 0x9b, 0x6c, 0x9a, 0xe0, 0xdc,
5451 0x63, 0xea, 0x7d, 0x2a, 0x4a, 0x7d, 0xa5, 0xed, 0x68, 0x57, 0x27, 0x6b,
5452 0x68, 0xe0, 0xf2, 0xb8, 0x51, 0x50, 0x8d, 0x3d,
5454 static const unsigned char gcm_pt
[] = {
5455 0xb8, 0xb6, 0x88, 0x36, 0x44, 0xe2, 0x34, 0xdf, 0x24, 0x32, 0x91, 0x07,
5456 0x4f, 0xe3, 0x6f, 0x81,
5458 static const unsigned char gcm_ct
[] = {
5459 0xff, 0x4f, 0xb3, 0xf3, 0xf9, 0xa2, 0x51, 0xd4, 0x82, 0xc2, 0xbe, 0xf3,
5460 0xe2, 0xd0, 0xec, 0xed,
5462 static const unsigned char gcm_tag
[] = {
5463 0xbd, 0x06, 0x38, 0x09, 0xf7, 0xe1, 0xc4, 0x72, 0x0e, 0xf2, 0xea, 0x63,
5464 0xdb, 0x99, 0x6c, 0x21,
5467 return aes_gcm_encrypt(gcm_key
, sizeof(gcm_key
), gcm_iv
, sizeof(gcm_iv
),
5468 gcm_pt
, sizeof(gcm_pt
), NULL
, 0,
5469 gcm_ct
, sizeof(gcm_ct
), gcm_tag
, sizeof(gcm_tag
))
5470 && aes_gcm_decrypt(gcm_key
, sizeof(gcm_key
), gcm_iv
, sizeof(gcm_iv
),
5471 gcm_pt
, sizeof(gcm_pt
), NULL
, 0,
5472 gcm_ct
, sizeof(gcm_ct
), gcm_tag
, sizeof(gcm_tag
));
5475 #ifndef OPENSSL_NO_RC4
5476 static int rc4_encrypt(const unsigned char *rc4_key
, size_t rc4_key_s
,
5477 const unsigned char *rc4_pt
, size_t rc4_pt_s
,
5478 const unsigned char *rc4_ct
, size_t rc4_ct_s
)
5481 EVP_CIPHER_CTX
*ctx
;
5482 EVP_CIPHER
*cipher
= NULL
;
5484 unsigned char outbuf
[1024];
5485 OSSL_PARAM params
[2] = {
5486 OSSL_PARAM_END
, OSSL_PARAM_END
5489 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
5490 || !TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "RC4", "")))
5493 params
[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN
,
5496 if (!TEST_true(EVP_EncryptInit_ex2(ctx
, cipher
, rc4_key
, NULL
, params
))
5497 || !TEST_true(EVP_EncryptUpdate(ctx
, outbuf
, &outlen
,
5499 || !TEST_true(EVP_EncryptFinal_ex(ctx
, outbuf
, &tmplen
)))
5502 if (!TEST_mem_eq(outbuf
, outlen
, rc4_ct
, rc4_ct_s
))
5507 EVP_CIPHER_free(cipher
);
5508 EVP_CIPHER_CTX_free(ctx
);
5513 static int rc4_decrypt(const unsigned char *rc4_key
, size_t rc4_key_s
,
5514 const unsigned char *rc4_pt
, size_t rc4_pt_s
,
5515 const unsigned char *rc4_ct
, size_t rc4_ct_s
)
5518 EVP_CIPHER_CTX
*ctx
;
5519 EVP_CIPHER
*cipher
= NULL
;
5521 unsigned char outbuf
[1024];
5522 OSSL_PARAM params
[2] = {
5523 OSSL_PARAM_END
, OSSL_PARAM_END
5526 if ((ctx
= EVP_CIPHER_CTX_new()) == NULL
)
5529 if ((cipher
= EVP_CIPHER_fetch(testctx
, "RC4", "")) == NULL
)
5532 params
[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN
,
5535 if (!TEST_true(EVP_DecryptInit_ex2(ctx
, cipher
, rc4_key
, NULL
, params
))
5536 || !TEST_true(EVP_DecryptUpdate(ctx
, outbuf
, &outlen
,
5538 || !TEST_mem_eq(outbuf
, outlen
, rc4_pt
, rc4_pt_s
))
5543 EVP_CIPHER_free(cipher
);
5544 EVP_CIPHER_CTX_free(ctx
);
5549 static int test_aes_rc4_keylen_change_cve_2023_5363(void)
5551 /* RC4 test data obtained from RFC 6229 */
5552 static const struct {
5553 unsigned char key
[5];
5554 unsigned char padding
[11];
5556 { /* Five bytes of key material */
5557 0x83, 0x32, 0x22, 0x77, 0x2a,
5559 { /* Random padding to 16 bytes */
5560 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a, 0xaa, 0x32, 0x91
5563 static const unsigned char rc4_pt
[] = {
5564 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
5565 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
5567 static const unsigned char rc4_ct
[] = {
5568 0x80, 0xad, 0x97, 0xbd, 0xc9, 0x73, 0xdf, 0x8a,
5569 0x2e, 0x87, 0x9e, 0x92, 0xa4, 0x97, 0xef, 0xda
5572 if (lgcyprov
== NULL
)
5573 return TEST_skip("Test requires legacy provider to be loaded");
5575 return rc4_encrypt(rc4_key
.key
, sizeof(rc4_key
.key
),
5576 rc4_pt
, sizeof(rc4_pt
), rc4_ct
, sizeof(rc4_ct
))
5577 && rc4_decrypt(rc4_key
.key
, sizeof(rc4_key
.key
),
5578 rc4_pt
, sizeof(rc4_pt
), rc4_ct
, sizeof(rc4_ct
));
5582 int setup_tests(void)
5586 while ((o
= opt_next()) != OPT_EOF
) {
5589 /* Set up an alternate library context */
5590 testctx
= OSSL_LIB_CTX_new();
5591 if (!TEST_ptr(testctx
))
5593 #ifdef STATIC_LEGACY
5595 * This test is always statically linked against libcrypto. We must not
5596 * attempt to load legacy.so that might be dynamically linked against
5597 * libcrypto. Instead we use a built-in version of the legacy provider.
5599 if (!OSSL_PROVIDER_add_builtin(testctx
, "legacy", ossl_legacy_provider_init
))
5602 /* Swap the libctx to test non-default context only */
5603 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
5604 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
5605 #ifndef OPENSSL_SYS_TANDEM
5606 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
5609 case OPT_TEST_CASES
:
5616 ADD_TEST(test_EVP_set_default_properties
);
5617 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
5618 ADD_TEST(test_EVP_DigestVerifyInit
);
5619 #ifndef OPENSSL_NO_SIPHASH
5620 ADD_TEST(test_siphash_digestsign
);
5622 ADD_TEST(test_EVP_Digest
);
5623 ADD_TEST(test_EVP_md_null
);
5624 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
5625 #ifndef OPENSSL_NO_DEPRECATED_3_0
5626 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method
, 2);
5628 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
5629 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
5630 ADD_TEST(test_privatekey_to_pkcs8
);
5631 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
5632 #ifndef OPENSSL_NO_EC
5633 ADD_TEST(test_EVP_PKCS82PKEY
);
5635 #ifndef OPENSSL_NO_EC
5636 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
5638 #if !defined(OPENSSL_NO_SM2)
5639 ADD_TEST(test_EVP_SM2
);
5640 ADD_TEST(test_EVP_SM2_verify
);
5642 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
5643 #ifndef OPENSSL_NO_DEPRECATED_3_0
5644 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
5645 if (!TEST_ptr(custom_pmeth
))
5647 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
5648 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
5649 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
5650 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
5653 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
5654 #ifndef OPENSSL_NO_CMAC
5655 ADD_TEST(test_CMAC_keygen
);
5657 ADD_TEST(test_HKDF
);
5658 ADD_TEST(test_emptyikm_HKDF
);
5659 #ifndef OPENSSL_NO_EC
5660 ADD_TEST(test_X509_PUBKEY_inplace
);
5661 ADD_TEST(test_X509_PUBKEY_dup
);
5662 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
5663 OSSL_NELEM(ec_der_pub_keys
));
5665 #ifndef OPENSSL_NO_DSA
5666 ADD_TEST(test_DSA_get_set_params
);
5667 ADD_TEST(test_DSA_priv_pub
);
5669 ADD_TEST(test_RSA_get_set_params
);
5670 ADD_TEST(test_RSA_OAEP_set_get_params
);
5671 ADD_TEST(test_RSA_OAEP_set_null_label
);
5672 #ifndef OPENSSL_NO_DEPRECATED_3_0
5673 ADD_TEST(test_RSA_legacy
);
5675 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5676 ADD_TEST(test_decrypt_null_chunks
);
5678 #ifndef OPENSSL_NO_DH
5679 ADD_TEST(test_DH_priv_pub
);
5680 # ifndef OPENSSL_NO_DEPRECATED_3_0
5681 ADD_TEST(test_EVP_PKEY_set1_DH
);
5684 #ifndef OPENSSL_NO_EC
5685 ADD_TEST(test_EC_priv_pub
);
5686 ADD_TEST(test_evp_get_ec_pub
);
5687 # ifndef OPENSSL_NO_DEPRECATED_3_0
5688 ADD_TEST(test_EC_priv_only_legacy
);
5689 ADD_TEST(test_evp_get_ec_pub_legacy
);
5692 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
5693 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
5695 ADD_TEST(test_rand_agglomeration
);
5696 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
5697 #ifndef OPENSSL_NO_DES
5698 ADD_ALL_TESTS(test_evp_iv_des
, 6);
5700 #ifndef OPENSSL_NO_BF
5701 ADD_ALL_TESTS(test_evp_bf_default_keylen
, 4);
5703 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
5704 ADD_TEST(test_EVP_rsa_pss_set_saltlen
);
5705 #ifndef OPENSSL_NO_EC
5706 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
5709 ADD_TEST(test_names_do_all
);
5711 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
5712 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
5713 ADD_ALL_TESTS(test_evp_reinit_seq
, OSSL_NELEM(evp_reinit_tests
));
5714 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
5715 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
5716 ADD_ALL_TESTS(test_ivlen_change
, OSSL_NELEM(ivlen_change_ciphers
));
5717 if (OSSL_NELEM(keylen_change_ciphers
) - 1 > 0)
5718 ADD_ALL_TESTS(test_keylen_change
, OSSL_NELEM(keylen_change_ciphers
) - 1);
5720 #ifndef OPENSSL_NO_DEPRECATED_3_0
5721 ADD_ALL_TESTS(test_custom_pmeth
, 12);
5722 ADD_TEST(test_evp_md_cipher_meth
);
5723 ADD_TEST(test_custom_md_meth
);
5724 ADD_TEST(test_custom_ciph_meth
);
5726 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5727 /* Tests only support the default libctx */
5728 if (testctx
== NULL
) {
5729 # ifndef OPENSSL_NO_EC
5730 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
5732 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
5734 ADD_TEST(test_cipher_with_engine
);
5739 #ifndef OPENSSL_NO_ECX
5740 ADD_ALL_TESTS(test_ecx_short_keys
, OSSL_NELEM(ecxnids
));
5741 ADD_ALL_TESTS(test_ecx_not_private_key
, OSSL_NELEM(keys
));
5744 ADD_TEST(test_sign_continuation
);
5746 /* Test cases for CVE-2023-5363 */
5747 ADD_TEST(test_aes_gcm_ivlen_change_cve_2023_5363
);
5748 #ifndef OPENSSL_NO_RC4
5749 ADD_TEST(test_aes_rc4_keylen_change_cve_2023_5363
);
5755 void cleanup_tests(void)
5757 OSSL_PROVIDER_unload(nullprov
);
5758 OSSL_PROVIDER_unload(deflprov
);
5759 #ifndef OPENSSL_SYS_TANDEM
5760 OSSL_PROVIDER_unload(lgcyprov
);
5762 OSSL_LIB_CTX_free(testctx
);