2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
40 static OSSL_LIB_CTX
*testctx
= NULL
;
41 static char *testpropq
= NULL
;
43 static OSSL_PROVIDER
*nullprov
= NULL
;
44 static OSSL_PROVIDER
*deflprov
= NULL
;
45 static OSSL_PROVIDER
*lgcyprov
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 static const unsigned char kExampleED25519KeyDER
[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
397 static const unsigned char kExampleED25519PubKeyDER
[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER
[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER
[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
447 static const unsigned char kCFBDefaultKey
[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
452 static const unsigned char kGCMDefaultKey
[32] = { 0 };
454 static const unsigned char kGCMResetKey
[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
460 static const unsigned char iCFBIV
[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
465 static const unsigned char iGCMDefaultIV
[12] = { 0 };
467 static const unsigned char iGCMResetIV1
[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
471 static const unsigned char iGCMResetIV2
[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
475 static const unsigned char cfbPlaintext
[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
480 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
482 static const unsigned char gcmResetPlaintext
[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
490 static const unsigned char cfbCiphertext
[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
495 static const unsigned char gcmDefaultCiphertext
[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
500 static const unsigned char gcmResetCiphertext1
[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
508 static const unsigned char gcmResetCiphertext2
[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
516 static const unsigned char gcmAAD
[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
521 static const unsigned char gcmDefaultTag
[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
526 static const unsigned char gcmResetTag1
[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
531 static const unsigned char gcmResetTag2
[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
536 typedef struct APK_DATA_st
{
537 const unsigned char *kder
;
544 int type
; /* 0 for private, 1 for public, 2 for params */
547 static APK_DATA keydata
[] = {
548 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
549 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
555 static APK_DATA keycheckdata
[] = {
556 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
558 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
565 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
567 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
568 EVP_PKEY_ED25519
, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
570 EVP_PKEY_ED25519
, 0, 1, 1, 1},
574 static EVP_PKEY
*load_example_key(const char *keytype
,
575 const unsigned char *data
, size_t data_len
)
577 const unsigned char **pdata
= &data
;
578 EVP_PKEY
*pkey
= NULL
;
579 OSSL_DECODER_CTX
*dctx
=
580 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
585 OSSL_DECODER_CTX_free(dctx
);
589 static EVP_PKEY
*load_example_rsa_key(void)
591 return load_example_key("RSA", kExampleRSAKeyDER
,
592 sizeof(kExampleRSAKeyDER
));
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY
*load_example_dsa_key(void)
598 return load_example_key("DSA", kExampleDSAKeyDER
,
599 sizeof(kExampleDSAKeyDER
));
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY
*load_example_ec_key(void)
606 return load_example_key("EC", kExampleECKeyDER
,
607 sizeof(kExampleECKeyDER
));
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY
*load_example_dh_key(void)
615 return load_example_key("DH", kExampleDHKeyDER
,
616 sizeof(kExampleDHKeyDER
));
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ed25519_key(void)
623 return load_example_key("ED25519", kExampleED25519KeyDER
,
624 sizeof(kExampleED25519KeyDER
));
627 static EVP_PKEY
*load_example_x25519_key(void)
629 return load_example_key("X25519", kExampleX25519KeyDER
,
630 sizeof(kExampleX25519KeyDER
));
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
635 static EVP_PKEY
*load_example_hmac_key(void)
637 EVP_PKEY
*pkey
= NULL
;
638 unsigned char key
[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
644 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
645 NULL
, key
, sizeof(key
));
652 static int test_EVP_set_default_properties(void)
658 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
659 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
664 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
665 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
666 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
671 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
672 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
677 OSSL_LIB_CTX_free(ctx
);
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype
, int selection
, OSSL_PARAM
*params
)
684 EVP_PKEY_CTX
*pctx
= NULL
;
685 EVP_PKEY
*pkey
= NULL
;
688 BIO
*bio
= BIO_new(BIO_s_mem());
690 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
700 /* Check we can use the resulting key */
701 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
702 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
706 if (!TEST_false(ret
))
709 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
711 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
715 if (!TEST_false(ret
))
722 EVP_PKEY_CTX_free(pctx
);
727 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
730 * Test combinations of private, public, missing and private + public key
731 * params to ensure they are all accepted
733 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
734 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
736 OSSL_PARAM_BLD
*bld
= NULL
;
737 OSSL_PARAM
*params
= NULL
;
738 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
745 if (!TEST_ptr(p
= BN_new())
746 || !TEST_ptr(q
= BN_new())
747 || !TEST_ptr(g
= BN_new())
748 || !TEST_ptr(pub
= BN_new())
749 || !TEST_ptr(priv
= BN_new()))
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
758 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
761 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
763 OSSL_PARAM_free(params
);
765 OSSL_PARAM_BLD_free(bld
);
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
775 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
778 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
, params
))
780 OSSL_PARAM_free(params
);
782 OSSL_PARAM_BLD_free(bld
);
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
792 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
795 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
, params
))
797 OSSL_PARAM_free(params
);
799 OSSL_PARAM_BLD_free(bld
);
801 /* Test priv and pub */
802 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
811 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
814 if (!test_fromdata(keytype
, EVP_PKEY_KEYPAIR
, params
))
819 OSSL_PARAM_free(params
);
820 OSSL_PARAM_BLD_free(bld
);
829 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
835 #ifndef OPENSSL_NO_EC
836 static unsigned char ec_priv
[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
841 static unsigned char ec_pub
[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
850 static int test_EC_priv_pub(void)
852 OSSL_PARAM_BLD
*bld
= NULL
;
853 OSSL_PARAM
*params
= NULL
;
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
861 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
867 OSSL_PKEY_PARAM_GROUP_NAME
,
870 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
875 OSSL_PARAM_free(params
);
877 OSSL_PARAM_BLD_free(bld
);
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
882 OSSL_PKEY_PARAM_GROUP_NAME
,
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
887 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
898 OSSL_PARAM_free(params
);
900 OSSL_PARAM_BLD_free(bld
);
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
905 OSSL_PKEY_PARAM_GROUP_NAME
,
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
908 OSSL_PKEY_PARAM_PUB_KEY
,
909 ec_pub
, sizeof(ec_pub
))))
911 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY
, params
))
916 OSSL_PARAM_free(params
);
918 OSSL_PARAM_BLD_free(bld
);
920 /* Test priv and pub */
921 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
923 OSSL_PKEY_PARAM_GROUP_NAME
,
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
926 OSSL_PKEY_PARAM_PUB_KEY
,
927 ec_pub
, sizeof(ec_pub
)))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
931 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR
, params
))
939 OSSL_PARAM_free(params
);
940 OSSL_PARAM_BLD_free(bld
);
946 /* Test that using a legacy EC key with only a private key in it works */
947 # ifndef OPENSSL_NO_DEPRECATED_3_0
948 static int test_EC_priv_only_legacy(void)
952 EC_KEY
*eckey
= NULL
;
953 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
954 EVP_MD_CTX
*ctx
= NULL
;
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
960 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
961 if (!TEST_ptr(eckey
))
964 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
967 pkey
= EVP_PKEY_new();
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
975 while (dup_pk
== NULL
) {
977 ctx
= EVP_MD_CTX_new();
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
986 testpropq
, pkey
, NULL
)))
988 EVP_MD_CTX_free(ctx
);
991 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1002 EVP_MD_CTX_free(ctx
);
1003 EVP_PKEY_free(pkey
);
1009 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010 #endif /* OPENSSL_NO_EC */
1012 static int test_EVP_PKEY_sign(int tst
)
1015 EVP_PKEY
*pkey
= NULL
;
1016 unsigned char *sig
= NULL
;
1017 size_t sig_len
= 0, shortsig_len
= 1;
1018 EVP_PKEY_CTX
*ctx
= NULL
;
1019 unsigned char tbs
[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1025 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1027 } else if (tst
== 1) {
1028 #ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1036 #ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey
= load_example_ec_key()))
1045 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1051 sig
= OPENSSL_malloc(sig_len
);
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1066 EVP_PKEY_CTX_free(ctx
);
1068 EVP_PKEY_free(pkey
);
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1076 static int test_EVP_Enveloped(int n
)
1079 EVP_CIPHER_CTX
*ctx
= NULL
;
1080 EVP_PKEY
*keypair
= NULL
;
1081 unsigned char *kek
= NULL
;
1082 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1083 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1085 unsigned char ciphertext
[32], plaintext
[16];
1086 EVP_CIPHER
*type
= NULL
;
1088 if (nullprov
!= NULL
)
1089 return TEST_skip("Test does not support a non-default library context");
1092 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1097 if (!TEST_ptr(keypair
= load_example_rsa_key())
1098 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1099 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1102 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1104 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1108 ciphertext_len
+= len
;
1110 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1111 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1112 ciphertext
, ciphertext_len
))
1113 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1116 plaintext_len
+= len
;
1117 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1123 EVP_CIPHER_free(type
);
1125 EVP_PKEY_free(keypair
);
1126 EVP_CIPHER_CTX_free(ctx
);
1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1146 * Test 15-29: Same as above with reinitialization
1148 static int test_EVP_DigestSignInit(int tst
)
1151 EVP_PKEY
*pkey
= NULL
;
1152 unsigned char *sig
= NULL
, *sig2
= NULL
;
1153 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1154 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1155 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1156 BIO
*mdbio
= NULL
, *membio
= NULL
;
1159 EVP_MD
*mdexp
= NULL
;
1162 if (nullprov
!= NULL
)
1163 return TEST_skip("Test does not support a non-default library context");
1170 if (tst
>= 6 && tst
<= 8) {
1171 membio
= BIO_new(BIO_s_mem());
1172 mdbio
= BIO_new(BIO_f_md());
1173 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1175 BIO_push(mdbio
, membio
);
1176 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1179 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1180 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1185 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1187 } else if (tst
% 3 == 1) {
1188 #ifndef OPENSSL_NO_DSA
1189 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1196 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1200 if (tst
>= 3 && tst
<= 5)
1201 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1205 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1208 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1211 if (tst
>= 6 && tst
<= 8) {
1212 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1214 } else if (tst
< 6) {
1215 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1220 /* Determine the size of the signature. */
1221 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1223 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1226 /* Test that supply a short sig buffer fails */
1227 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1231 * We end here because once EVP_DigestSign() has failed you should
1232 * not call it again without re-initing the ctx
1237 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1241 /* Determine the size of the signature. */
1242 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1243 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1245 * Trying to create a signature with a deliberately short
1246 * buffer should fail.
1248 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1249 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1254 * Ensure that the signature round-trips (Verification isn't supported for
1255 * HMAC via EVP_DigestVerify*)
1258 if (tst
>= 6 && tst
<= 8) {
1259 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1260 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1264 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1268 if (tst
>= 6 && tst
<= 8) {
1269 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1272 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1276 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1279 /* Multiple calls to EVP_DigestVerifyFinal should work */
1280 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1284 * For HMAC a doubled call to DigestSignFinal should produce the same
1285 * value as finalization should not happen.
1287 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1288 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1289 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1292 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1301 EVP_MD_CTX_free(a_md_ctx
);
1302 EVP_MD_CTX_free(a_md_ctx_verify
);
1303 EVP_PKEY_free(pkey
);
1311 static int test_EVP_DigestVerifyInit(void)
1314 EVP_PKEY
*pkey
= NULL
;
1315 EVP_MD_CTX
*md_ctx
= NULL
;
1317 if (nullprov
!= NULL
)
1318 return TEST_skip("Test does not support a non-default library context");
1320 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1321 || !TEST_ptr(pkey
= load_example_rsa_key()))
1324 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1325 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1326 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1327 sizeof(kSignature
)), 0))
1330 /* test with reinitialization */
1331 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1332 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1333 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1334 sizeof(kSignature
)), 0))
1339 EVP_MD_CTX_free(md_ctx
);
1340 EVP_PKEY_free(pkey
);
1344 #ifndef OPENSSL_NO_SIPHASH
1345 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1346 static int test_siphash_digestsign(void)
1348 unsigned char key
[16];
1349 unsigned char buf
[8], digest
[8];
1350 unsigned char expected
[8] = {
1351 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1353 EVP_PKEY
*pkey
= NULL
;
1354 EVP_MD_CTX
*mdctx
= NULL
;
1355 EVP_PKEY_CTX
*ctx
= NULL
;
1359 if (nullprov
!= NULL
)
1360 return TEST_skip("Test does not support a non-default library context");
1364 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1368 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1371 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1373 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1374 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1378 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1380 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1382 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1384 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1389 EVP_PKEY_free(pkey
);
1390 EVP_MD_CTX_free(mdctx
);
1396 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1398 static int test_EVP_Digest(void)
1401 EVP_MD_CTX
*md_ctx
= NULL
;
1402 unsigned char md
[EVP_MAX_MD_SIZE
];
1403 EVP_MD
*sha256
= NULL
;
1404 EVP_MD
*shake256
= NULL
;
1406 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1409 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1410 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1413 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1414 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1415 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1416 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1417 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1420 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1421 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1422 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1423 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1424 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1426 * EVP_DigestInit_ex with NULL type should work on
1427 * pre-initialized context.
1429 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1432 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1433 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1434 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1435 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1436 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1437 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1442 EVP_MD_CTX_free(md_ctx
);
1443 EVP_MD_free(sha256
);
1444 EVP_MD_free(shake256
);
1448 static int test_EVP_md_null(void)
1451 EVP_MD_CTX
*md_ctx
= NULL
;
1452 const EVP_MD
*md_null
= EVP_md_null();
1453 unsigned char md_value
[EVP_MAX_MD_SIZE
];
1454 unsigned int md_len
= sizeof(md_value
);
1456 if (nullprov
!= NULL
)
1457 return TEST_skip("Test does not support a non-default library context");
1459 if (!TEST_ptr(md_null
)
1460 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1463 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, md_null
, NULL
))
1464 || !TEST_true(EVP_DigestUpdate(md_ctx
, "test", 4))
1465 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md_value
, &md_len
)))
1468 if (!TEST_uint_eq(md_len
, 0))
1473 EVP_MD_CTX_free(md_ctx
);
1477 static int test_d2i_AutoPrivateKey(int i
)
1480 const unsigned char *p
;
1481 EVP_PKEY
*pkey
= NULL
;
1482 const APK_DATA
*ak
= &keydata
[i
];
1483 const unsigned char *input
= ak
->kder
;
1484 size_t input_len
= ak
->size
;
1485 int expected_id
= ak
->evptype
;
1488 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1489 || !TEST_ptr_eq(p
, input
+ input_len
)
1490 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1496 EVP_PKEY_free(pkey
);
1500 #ifndef OPENSSL_NO_EC
1502 static const unsigned char ec_public_sect163k1_validxy
[] = {
1503 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1504 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1505 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1506 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1507 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1508 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1511 static const unsigned char ec_public_sect163k1_badx
[] = {
1512 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1513 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1514 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1515 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1516 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1517 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1520 static const unsigned char ec_public_sect163k1_bady
[] = {
1521 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1522 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1523 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1524 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1525 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1526 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1529 static struct ec_der_pub_keys_st
{
1530 const unsigned char *der
;
1533 } ec_der_pub_keys
[] = {
1534 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1535 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1536 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1540 * Tests the range of the decoded EC char2 public point.
1541 * See ec_GF2m_simple_oct2point().
1543 static int test_invalide_ec_char2_pub_range_decode(int id
)
1548 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1549 ec_der_pub_keys
[id
].len
);
1551 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1552 || TEST_ptr_null(pkey
);
1553 EVP_PKEY_free(pkey
);
1557 /* Tests loading a bad key in PKCS8 format */
1558 static int test_EVP_PKCS82PKEY(void)
1561 const unsigned char *derp
= kExampleBadECKeyDER
;
1562 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1563 EVP_PKEY
*pkey
= NULL
;
1565 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1566 sizeof(kExampleBadECKeyDER
))))
1569 if (!TEST_ptr_eq(derp
,
1570 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1573 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1579 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1580 EVP_PKEY_free(pkey
);
1586 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1588 EVP_PKEY
*pkey
= NULL
;
1589 EVP_PKEY
*pkey2
= NULL
;
1591 char *membuf
= NULL
;
1592 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1595 if (testctx
!= NULL
)
1596 /* test not supported with non-default context */
1599 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1600 || !TEST_ptr(pkey
= load_example_rsa_key())
1601 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1602 NULL
, 0, NULL
, NULL
),
1604 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1605 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1606 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1607 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1613 EVP_PKEY_free(pkey
);
1614 EVP_PKEY_free(pkey2
);
1615 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1616 BIO_free_all(membio
);
1620 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1621 static int test_privatekey_to_pkcs8(void)
1623 EVP_PKEY
*pkey
= NULL
;
1625 char *membuf
= NULL
;
1626 long membuf_len
= 0;
1629 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1630 || !TEST_ptr(pkey
= load_example_rsa_key())
1631 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1632 NULL
, 0, NULL
, NULL
),
1634 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1635 || !TEST_ptr(membuf
)
1636 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1637 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1639 * We try to write PEM as well, just to see that it doesn't err, but
1640 * assume that the result is correct.
1642 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1643 NULL
, 0, NULL
, NULL
),
1649 EVP_PKEY_free(pkey
);
1650 BIO_free_all(membio
);
1654 #ifndef OPENSSL_NO_EC
1655 static const struct {
1657 const char *encoding_name
;
1658 } ec_encodings
[] = {
1659 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1660 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1663 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1665 const OSSL_PARAM
*p
;
1666 const char *enc_name
= NULL
;
1672 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1673 OSSL_PKEY_PARAM_EC_ENCODING
))
1674 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1677 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1678 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1679 *enc
= ec_encodings
[i
].encoding
;
1684 return (*enc
!= -1);
1687 static int test_EC_keygen_with_enc(int idx
)
1689 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1690 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1694 enc
= ec_encodings
[idx
].encoding
;
1696 /* Create key parameters */
1697 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1698 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
1699 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1700 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1701 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1702 || !TEST_ptr(params
))
1706 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1707 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1708 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1712 /* Check that the encoding got all the way into the key */
1713 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1714 ec_export_get_encoding_cb
, &enc
))
1715 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1721 EVP_PKEY_free(params
);
1722 EVP_PKEY_CTX_free(kctx
);
1723 EVP_PKEY_CTX_free(pctx
);
1728 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1730 static int test_EVP_SM2_verify(void)
1732 const char *pubkey
=
1733 "-----BEGIN PUBLIC KEY-----\n"
1734 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1735 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1736 "-----END PUBLIC KEY-----\n";
1738 const char *msg
= "message digest";
1739 const char *id
= "ALICE123@YAHOO.COM";
1741 const uint8_t signature
[] = {
1742 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1743 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1744 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1745 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1746 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1747 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1748 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1753 EVP_PKEY
*pkey
= NULL
;
1754 EVP_MD_CTX
*mctx
= NULL
;
1755 EVP_PKEY_CTX
*pctx
= NULL
;
1758 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1759 if (!TEST_true(bio
!= NULL
))
1762 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1763 if (!TEST_true(pkey
!= NULL
))
1766 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1769 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1772 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1775 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1777 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1780 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1783 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1786 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1789 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
)), 0))
1795 EVP_PKEY_free(pkey
);
1796 EVP_PKEY_CTX_free(pctx
);
1797 EVP_MD_CTX_free(mctx
);
1802 static int test_EVP_SM2(void)
1805 EVP_PKEY
*pkey
= NULL
;
1806 EVP_PKEY
*pkeyparams
= NULL
;
1807 EVP_PKEY_CTX
*pctx
= NULL
;
1808 EVP_PKEY_CTX
*kctx
= NULL
;
1809 EVP_PKEY_CTX
*sctx
= NULL
;
1811 unsigned char *sig
= NULL
;
1812 EVP_MD_CTX
*md_ctx
= NULL
;
1813 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1814 EVP_PKEY_CTX
*cctx
= NULL
;
1815 EVP_MD
*check_md
= NULL
;
1817 uint8_t ciphertext
[128];
1818 size_t ctext_len
= sizeof(ciphertext
);
1820 uint8_t plaintext
[8];
1821 size_t ptext_len
= sizeof(plaintext
);
1823 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1825 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1826 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1828 char mdname
[OSSL_MAX_NAME_SIZE
];
1830 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1834 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1837 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1840 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1843 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1844 pkeyparams
, testpropq
)))
1847 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0))
1850 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1853 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1856 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1859 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1862 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1863 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1865 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1868 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1871 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1874 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1877 /* Determine the size of the signature. */
1878 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1881 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1884 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1887 /* Ensure that the signature round-trips. */
1889 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1893 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1896 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1899 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1902 /* now check encryption/decryption */
1904 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1905 mdname
, sizeof(mdname
));
1906 for (i
= 0; i
< 2; i
++) {
1907 const char *mdnames
[] = {
1908 #ifndef OPENSSL_NO_SM3
1914 EVP_PKEY_CTX_free(cctx
);
1916 if (mdnames
[i
] == NULL
)
1920 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1921 (char *)mdnames
[i
], 0);
1923 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1927 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1930 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1933 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
1937 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1940 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1943 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
1947 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
1951 * Test we're still using the digest we think we are.
1952 * Because of aliases, the easiest is to fetch the digest and
1953 * check the name with EVP_MD_is_a().
1955 EVP_MD_free(check_md
);
1956 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
1958 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
1959 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
1963 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1966 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1972 EVP_PKEY_CTX_free(pctx
);
1973 EVP_PKEY_CTX_free(kctx
);
1974 EVP_PKEY_CTX_free(sctx
);
1975 EVP_PKEY_CTX_free(cctx
);
1976 EVP_PKEY_free(pkey
);
1977 EVP_PKEY_free(pkeyparams
);
1978 EVP_MD_CTX_free(md_ctx
);
1979 EVP_MD_CTX_free(md_ctx_verify
);
1980 EVP_MD_free(check_md
);
1987 static struct keys_st
{
1993 EVP_PKEY_HMAC
, "0123456789", NULL
1996 EVP_PKEY_HMAC
, "", NULL
1997 #ifndef OPENSSL_NO_POLY1305
1999 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
2001 #ifndef OPENSSL_NO_SIPHASH
2003 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
2006 #ifndef OPENSSL_NO_EC
2008 EVP_PKEY_X25519
, "01234567890123456789012345678901",
2009 "abcdefghijklmnopqrstuvwxyzabcdef"
2011 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
2012 "abcdefghijklmnopqrstuvwxyzabcdef"
2015 "01234567890123456789012345678901234567890123456789012345",
2016 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2019 "012345678901234567890123456789012345678901234567890123456",
2020 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2025 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
2028 unsigned char buf
[80];
2030 size_t inlen
, len
= 0, shortlen
= 1;
2033 /* Check if this algorithm supports public keys */
2034 if (pub
&& keys
[tst
].pub
== NULL
)
2037 memset(buf
, 0, sizeof(buf
));
2040 #ifndef OPENSSL_NO_EC
2041 inlen
= strlen(keys
[tst
].pub
);
2042 in
= (unsigned char *)keys
[tst
].pub
;
2044 pkey
= EVP_PKEY_new_raw_public_key_ex(
2046 OBJ_nid2sn(keys
[tst
].type
),
2051 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2060 inlen
= strlen(keys
[tst
].priv
);
2061 in
= (unsigned char *)keys
[tst
].priv
;
2063 pkey
= EVP_PKEY_new_raw_private_key_ex(
2064 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2069 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2077 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2078 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2079 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2080 || !TEST_true(len
== inlen
))
2084 * Test that supplying a buffer that is too small fails. Doesn't apply
2085 * to HMAC with a zero length key
2087 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2089 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2093 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2094 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2095 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2100 EVP_PKEY_free(pkey
);
2104 static int test_set_get_raw_keys(int tst
)
2106 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2107 && test_set_get_raw_keys_int(tst
, 0, 1)
2108 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2109 && test_set_get_raw_keys_int(tst
, 1, 1);
2112 #ifndef OPENSSL_NO_DEPRECATED_3_0
2113 static int pkey_custom_check(EVP_PKEY
*pkey
)
2118 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2123 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2128 static EVP_PKEY_METHOD
*custom_pmeth
;
2131 static int test_EVP_PKEY_check(int i
)
2134 EVP_PKEY
*pkey
= NULL
;
2135 EVP_PKEY_CTX
*ctx
= NULL
;
2136 #ifndef OPENSSL_NO_DEPRECATED_3_0
2137 EVP_PKEY_CTX
*ctx2
= NULL
;
2139 const APK_DATA
*ak
= &keycheckdata
[i
];
2140 const unsigned char *input
= ak
->kder
;
2141 size_t input_len
= ak
->size
;
2142 int expected_id
= ak
->evptype
;
2143 int expected_check
= ak
->check
;
2144 int expected_pub_check
= ak
->pub_check
;
2145 int expected_param_check
= ak
->param_check
;
2146 int type
= ak
->type
;
2148 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2151 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2154 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2157 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2160 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2163 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2166 #ifndef OPENSSL_NO_DEPRECATED_3_0
2167 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2168 /* assign the pkey directly, as an internal test */
2169 EVP_PKEY_up_ref(pkey
);
2172 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2175 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2178 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2185 EVP_PKEY_CTX_free(ctx
);
2186 #ifndef OPENSSL_NO_DEPRECATED_3_0
2187 EVP_PKEY_CTX_free(ctx2
);
2189 EVP_PKEY_free(pkey
);
2193 #ifndef OPENSSL_NO_CMAC
2194 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2196 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2197 const char msg
[] = "Hello World";
2198 size_t maclen
= AES_BLOCK_SIZE
;
2201 if (!TEST_ptr(mdctx
)
2202 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2203 testpropq
, pkey
, NULL
))
2204 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2205 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2206 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2209 EVP_MD_CTX_free(mdctx
);
2213 static int test_CMAC_keygen(void)
2215 static unsigned char key
[] = {
2216 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2217 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2218 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2220 EVP_PKEY_CTX
*kctx
= NULL
;
2222 EVP_PKEY
*pkey
= NULL
;
2223 unsigned char mac
[AES_BLOCK_SIZE
];
2224 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2225 unsigned char mac2
[AES_BLOCK_SIZE
];
2228 if (nullprov
!= NULL
)
2229 return TEST_skip("Test does not support a non-default library context");
2232 * This is a legacy method for CMACs, but should still work.
2233 * This verifies that it works without an ENGINE.
2235 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2237 /* Test a CMAC key created using the "generated" method */
2238 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2239 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2240 EVP_PKEY_CTRL_CIPHER
,
2241 0, (void *)EVP_aes_256_ecb()), 0)
2242 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2243 EVP_PKEY_CTRL_SET_MAC_KEY
,
2244 sizeof(key
), (void *)key
), 0)
2245 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2247 || !TEST_true(get_cmac_val(pkey
, mac
)))
2250 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2251 EVP_PKEY_free(pkey
);
2254 * Test a CMAC key using the direct method, and compare with the mac
2257 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2259 || !TEST_true(get_cmac_val(pkey
, mac2
))
2260 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2267 EVP_PKEY_free(pkey
);
2268 EVP_PKEY_CTX_free(kctx
);
2273 static int test_HKDF(void)
2276 unsigned char out
[20];
2279 unsigned char salt
[] = "0123456789";
2280 unsigned char key
[] = "012345678901234567890123456789";
2281 unsigned char info
[] = "infostring";
2282 const unsigned char expected
[] = {
2283 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2284 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2286 size_t expectedlen
= sizeof(expected
);
2288 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2291 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2292 for (i
= 0; i
< 2; i
++) {
2293 outlen
= sizeof(out
);
2294 memset(out
, 0, outlen
);
2296 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2297 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2298 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2299 sizeof(salt
) - 1), 0)
2300 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2301 sizeof(key
) - 1), 0)
2302 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2303 sizeof(info
) - 1), 0)
2304 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2305 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2312 EVP_PKEY_CTX_free(pctx
);
2317 static int test_emptyikm_HKDF(void)
2320 unsigned char out
[20];
2323 unsigned char salt
[] = "9876543210";
2324 unsigned char key
[] = "";
2325 unsigned char info
[] = "stringinfo";
2326 const unsigned char expected
[] = {
2327 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2328 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2330 size_t expectedlen
= sizeof(expected
);
2332 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2335 outlen
= sizeof(out
);
2336 memset(out
, 0, outlen
);
2338 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2339 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2340 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2341 sizeof(salt
) - 1), 0)
2342 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2343 sizeof(key
) - 1), 0)
2344 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2345 sizeof(info
) - 1), 0)
2346 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2347 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2353 EVP_PKEY_CTX_free(pctx
);
2358 #ifndef OPENSSL_NO_EC
2359 static int test_X509_PUBKEY_inplace(void)
2362 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2363 const unsigned char *p
= kExampleECPubKeyDER
;
2364 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2368 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2371 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2374 p
= kExampleBadECPubKeyDER
;
2375 input_len
= sizeof(kExampleBadECPubKeyDER
);
2377 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2380 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2386 X509_PUBKEY_free(xp
);
2390 static int test_X509_PUBKEY_dup(void)
2393 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2394 const unsigned char *p
= kExampleECPubKeyDER
;
2395 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2397 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2399 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2400 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2401 || !TEST_ptr_ne(xp
, xq
))
2404 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2405 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2406 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2409 X509_PUBKEY_free(xq
);
2411 p
= kExampleBadECPubKeyDER
;
2412 input_len
= sizeof(kExampleBadECPubKeyDER
);
2414 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2415 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2418 X509_PUBKEY_free(xp
);
2420 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2426 X509_PUBKEY_free(xp
);
2427 X509_PUBKEY_free(xq
);
2430 #endif /* OPENSSL_NO_EC */
2432 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2433 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2435 EVP_MD_CTX
*mdctx
= NULL
;
2436 EVP_PKEY_CTX
*ctx
= NULL
;
2437 const OSSL_PARAM
*params
;
2438 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2441 char mdname
[OSSL_MAX_NAME_SIZE
];
2444 /* Initialise a sign operation */
2445 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2447 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2451 * We should be able to query the parameters now.
2453 params
= EVP_PKEY_CTX_settable_params(ctx
);
2454 if (!TEST_ptr(params
)
2455 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2456 OSSL_SIGNATURE_PARAM_DIGEST
)))
2459 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2460 if (!TEST_ptr(params
)
2461 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2462 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2463 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2464 OSSL_SIGNATURE_PARAM_DIGEST
)))
2468 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2469 * EVP_PKEY_CTX_get_params()
2471 strcpy(mdname
, "SHA512");
2473 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2475 *param
++ = OSSL_PARAM_construct_end();
2477 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2481 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2482 mdname
, sizeof(mdname
));
2483 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2484 || !TEST_str_eq(mdname
, "SHA512"))
2488 * Test the TEST_PKEY_CTX_set_signature_md() and
2489 * TEST_PKEY_CTX_get_signature_md() functions
2491 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2492 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2493 || !TEST_ptr_eq(md
, EVP_sha256()))
2497 * Test getting MD parameters via an associated EVP_PKEY_CTX
2499 mdctx
= EVP_MD_CTX_new();
2500 if (!TEST_ptr(mdctx
)
2501 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2506 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2507 * able to obtain the digest's settable parameters from the provider.
2509 params
= EVP_MD_CTX_settable_params(mdctx
);
2510 if (!TEST_ptr(params
)
2511 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2512 /* The final key should be NULL */
2513 || !TEST_ptr_null(params
[1].key
))
2517 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2518 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2519 ssl3ms
, sizeof(ssl3ms
));
2520 *param
++ = OSSL_PARAM_construct_end();
2522 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2528 EVP_MD_CTX_free(mdctx
);
2529 EVP_PKEY_CTX_free(ctx
);
2534 #ifndef OPENSSL_NO_DSA
2535 static int test_DSA_get_set_params(void)
2537 OSSL_PARAM_BLD
*bld
= NULL
;
2538 OSSL_PARAM
*params
= NULL
;
2539 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2540 EVP_PKEY_CTX
*pctx
= NULL
;
2541 EVP_PKEY
*pkey
= NULL
;
2545 * Setup the parameters for our DSA object. For our purposes they don't
2546 * have to actually be *valid* parameters. We just need to set something.
2548 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2549 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2550 || !TEST_ptr(p
= BN_new())
2551 || !TEST_ptr(q
= BN_new())
2552 || !TEST_ptr(g
= BN_new())
2553 || !TEST_ptr(pub
= BN_new())
2554 || !TEST_ptr(priv
= BN_new()))
2556 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2557 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2558 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2559 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2561 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2564 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2567 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2568 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2572 if (!TEST_ptr(pkey
))
2575 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2578 EVP_PKEY_free(pkey
);
2579 EVP_PKEY_CTX_free(pctx
);
2580 OSSL_PARAM_free(params
);
2581 OSSL_PARAM_BLD_free(bld
);
2592 * Test combinations of private, public, missing and private + public key
2593 * params to ensure they are all accepted
2595 static int test_DSA_priv_pub(void)
2597 return test_EVP_PKEY_ffc_priv_pub("DSA");
2600 #endif /* !OPENSSL_NO_DSA */
2602 static int test_RSA_get_set_params(void)
2604 OSSL_PARAM_BLD
*bld
= NULL
;
2605 OSSL_PARAM
*params
= NULL
;
2606 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2607 EVP_PKEY_CTX
*pctx
= NULL
;
2608 EVP_PKEY
*pkey
= NULL
;
2612 * Setup the parameters for our RSA object. For our purposes they don't
2613 * have to actually be *valid* parameters. We just need to set something.
2615 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2616 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2617 || !TEST_ptr(n
= BN_new())
2618 || !TEST_ptr(e
= BN_new())
2619 || !TEST_ptr(d
= BN_new()))
2621 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2622 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2625 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2628 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2629 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2633 if (!TEST_ptr(pkey
))
2636 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2639 EVP_PKEY_free(pkey
);
2640 EVP_PKEY_CTX_free(pctx
);
2641 OSSL_PARAM_free(params
);
2642 OSSL_PARAM_BLD_free(bld
);
2650 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2651 static int test_decrypt_null_chunks(void)
2653 EVP_CIPHER_CTX
* ctx
= NULL
;
2654 EVP_CIPHER
*cipher
= NULL
;
2655 const unsigned char key
[32] = {
2656 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2657 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2658 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2660 unsigned char iv
[12] = {
2661 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2663 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2664 unsigned char ciphertext
[80];
2665 unsigned char plaintext
[80];
2666 /* We initialise tmp to a non zero value on purpose */
2667 int ctlen
, ptlen
, tmp
= 99;
2669 const int enc_offset
= 10, dec_offset
= 20;
2671 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2672 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2673 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2675 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2677 /* Deliberate add a zero length update */
2678 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2680 || !TEST_int_eq(tmp
, 0)
2681 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2683 sizeof(msg
) - enc_offset
))
2684 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2685 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2686 || !TEST_int_eq(tmp
, 0))
2689 /* Deliberately initialise tmp to a non zero value */
2691 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2692 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2695 * Deliberately add a zero length update. We also deliberately do
2696 * this at a different offset than for encryption.
2698 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2700 || !TEST_int_eq(tmp
, 0)
2701 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2702 ciphertext
+ dec_offset
,
2703 ctlen
- dec_offset
))
2704 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2705 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2706 || !TEST_int_eq(tmp
, 0)
2707 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2712 EVP_CIPHER_CTX_free(ctx
);
2713 EVP_CIPHER_free(cipher
);
2716 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2718 #ifndef OPENSSL_NO_DH
2720 * Test combinations of private, public, missing and private + public key
2721 * params to ensure they are all accepted
2723 static int test_DH_priv_pub(void)
2725 return test_EVP_PKEY_ffc_priv_pub("DH");
2728 # ifndef OPENSSL_NO_DEPRECATED_3_0
2729 static int test_EVP_PKEY_set1_DH(void)
2731 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2732 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2734 BIGNUM
*p
, *g
= NULL
;
2735 BIGNUM
*pubkey
= NULL
;
2736 unsigned char pub
[2048 / 8];
2739 if (!TEST_ptr(p
= BN_new())
2740 || !TEST_ptr(g
= BN_new())
2741 || !TEST_ptr(pubkey
= BN_new())
2742 || !TEST_true(BN_set_word(p
, 9999))
2743 || !TEST_true(BN_set_word(g
, 2))
2744 || !TEST_true(BN_set_word(pubkey
, 4321))
2745 || !TEST_ptr(noqdh
= DH_new())
2746 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2747 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2748 || !TEST_ptr(pubkey
= BN_new())
2749 || !TEST_true(BN_set_word(pubkey
, 4321)))
2753 x942dh
= DH_get_2048_256();
2754 pkey1
= EVP_PKEY_new();
2755 pkey2
= EVP_PKEY_new();
2756 if (!TEST_ptr(x942dh
)
2760 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2764 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2765 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2768 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2770 || !TEST_ptr(pubkey
))
2773 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2774 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2777 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2778 OSSL_PKEY_PARAM_PUB_KEY
,
2779 pub
, sizeof(pub
), &len
))
2780 || !TEST_size_t_ne(len
, 0))
2788 EVP_PKEY_free(pkey1
);
2789 EVP_PKEY_free(pkey2
);
2795 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2796 #endif /* !OPENSSL_NO_DH */
2799 * We test what happens with an empty template. For the sake of this test,
2800 * the template must be ignored, and we know that's the case for RSA keys
2801 * (this might arguably be a misfeature, but that's what we currently do,
2802 * even in provider code, since that's how the legacy RSA implementation
2805 static int test_keygen_with_empty_template(int n
)
2807 EVP_PKEY_CTX
*ctx
= NULL
;
2808 EVP_PKEY
*pkey
= NULL
;
2809 EVP_PKEY
*tkey
= NULL
;
2812 if (nullprov
!= NULL
)
2813 return TEST_skip("Test does not support a non-default library context");
2817 /* We do test with no template at all as well */
2818 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2822 /* Here we create an empty RSA key that serves as our template */
2823 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2824 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2825 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2830 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2831 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2836 EVP_PKEY_CTX_free(ctx
);
2837 EVP_PKEY_free(pkey
);
2838 EVP_PKEY_free(tkey
);
2843 * Test that we fail if we attempt to use an algorithm that is not available
2844 * in the current library context (unless we are using an algorithm that
2845 * should be made available via legacy codepaths).
2850 static int test_pkey_ctx_fail_without_provider(int tst
)
2852 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2853 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2854 EVP_PKEY_CTX
*pctx
= NULL
;
2855 const char *keytype
= NULL
;
2856 int expect_null
= 0;
2859 if (!TEST_ptr(tmpctx
))
2862 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2863 if (!TEST_ptr(tmpnullprov
))
2867 * We check for certain algos in the null provider.
2868 * If an algo is expected to have a provider keymgmt, contructing an
2869 * EVP_PKEY_CTX is expected to fail (return NULL).
2870 * Otherwise, if it's expected to have legacy support, contructing an
2871 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2881 #ifdef OPENSSL_NO_EC
2882 TEST_info("EC disable, skipping SM2 check...");
2885 #ifdef OPENSSL_NO_SM2
2886 TEST_info("SM2 disable, skipping SM2 check...");
2891 TEST_error("No test for case %d", tst
);
2895 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2896 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2899 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2905 EVP_PKEY_CTX_free(pctx
);
2906 OSSL_PROVIDER_unload(tmpnullprov
);
2907 OSSL_LIB_CTX_free(tmpctx
);
2911 static int test_rand_agglomeration(void)
2915 OSSL_PARAM params
[3], *p
= params
;
2917 unsigned int step
= 7;
2918 static unsigned char seed
[] = "It does not matter how slowly you go "
2919 "as long as you do not stop.";
2920 unsigned char out
[sizeof(seed
)];
2922 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
2923 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
2925 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
2926 EVP_RAND_free(rand
);
2930 memset(out
, 0, sizeof(out
));
2931 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
2932 seed
, sizeof(seed
));
2933 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
2934 *p
= OSSL_PARAM_construct_end();
2935 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
2936 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
2937 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
2938 EVP_RAND_CTX_free(ctx
);
2943 * Test that we correctly return the original or "running" IV after
2944 * an encryption operation.
2945 * Run multiple times for some different relevant algorithms/modes.
2947 static int test_evp_iv_aes(int idx
)
2950 EVP_CIPHER_CTX
*ctx
= NULL
;
2951 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2952 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2953 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
2954 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2955 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2956 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2957 9, 10, 11, 12, 13, 14, 15, 16 };
2958 unsigned char ciphertext
[32], oiv
[16], iv
[16];
2959 unsigned char *ref_iv
;
2960 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2961 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2963 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2964 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2965 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2966 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2967 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2968 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2969 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2970 #ifndef OPENSSL_NO_OCB
2971 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2972 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2974 int len
= sizeof(ciphertext
);
2975 size_t ivlen
, ref_len
;
2976 const EVP_CIPHER
*type
= NULL
;
2979 if (nullprov
!= NULL
&& idx
< 6)
2980 return TEST_skip("Test does not support a non-default library context");
2984 type
= EVP_aes_128_cbc();
2987 type
= (type
!= NULL
) ? type
:
2988 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
2990 ref_len
= sizeof(cbc_state
);
2994 type
= EVP_aes_128_ofb();
2997 type
= (type
!= NULL
) ? type
:
2998 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
3000 ref_len
= sizeof(ofb_state
);
3004 type
= EVP_aes_128_cfb();
3007 type
= (type
!= NULL
) ? type
:
3008 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
3010 ref_len
= sizeof(cfb_state
);
3014 type
= EVP_aes_128_gcm();
3017 type
= (type
!= NULL
) ? type
:
3018 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
3020 ref_len
= sizeof(gcm_state
);
3023 type
= EVP_aes_128_ccm();
3026 type
= (type
!= NULL
) ? type
:
3027 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3029 ref_len
= sizeof(ccm_state
);
3031 #ifdef OPENSSL_NO_OCB
3037 type
= EVP_aes_128_ocb();
3040 type
= (type
!= NULL
) ? type
:
3041 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3043 ref_len
= sizeof(ocb_state
);
3051 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3052 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3053 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3055 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3056 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3057 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3059 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3060 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3061 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3064 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3065 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3066 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3069 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3072 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3078 EVP_CIPHER_CTX_free(ctx
);
3080 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3084 #ifndef OPENSSL_NO_DES
3085 static int test_evp_iv_des(int idx
)
3088 EVP_CIPHER_CTX
*ctx
= NULL
;
3089 static const unsigned char key
[24] = {
3090 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3091 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3092 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3094 static const unsigned char init_iv
[8] = {
3095 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3097 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3098 9, 10, 11, 12, 13, 14, 15, 16 };
3099 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3100 unsigned const char *ref_iv
;
3101 static const unsigned char cbc_state_des
[8] = {
3102 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3104 static const unsigned char cbc_state_3des
[8] = {
3105 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3107 static const unsigned char ofb_state_des
[8] = {
3108 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3110 static const unsigned char ofb_state_3des
[8] = {
3111 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3113 static const unsigned char cfb_state_des
[8] = {
3114 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3116 static const unsigned char cfb_state_3des
[8] = {
3117 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3119 int len
= sizeof(ciphertext
);
3120 size_t ivlen
, ref_len
;
3121 EVP_CIPHER
*type
= NULL
;
3123 if (lgcyprov
== NULL
&& idx
< 3)
3124 return TEST_skip("Test requires legacy provider to be loaded");
3128 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3129 ref_iv
= cbc_state_des
;
3130 ref_len
= sizeof(cbc_state_des
);
3133 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3134 ref_iv
= ofb_state_des
;
3135 ref_len
= sizeof(ofb_state_des
);
3138 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3139 ref_iv
= cfb_state_des
;
3140 ref_len
= sizeof(cfb_state_des
);
3143 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3144 ref_iv
= cbc_state_3des
;
3145 ref_len
= sizeof(cbc_state_3des
);
3148 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3149 ref_iv
= ofb_state_3des
;
3150 ref_len
= sizeof(ofb_state_3des
);
3153 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3154 ref_iv
= cfb_state_3des
;
3155 ref_len
= sizeof(cfb_state_3des
);
3162 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3163 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3164 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3166 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3167 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3168 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3170 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3171 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3172 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3175 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3176 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3178 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3183 EVP_CIPHER_CTX_free(ctx
);
3184 EVP_CIPHER_free(type
);
3189 #ifndef OPENSSL_NO_EC
3190 static int ecpub_nids
[] = {
3191 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3192 NID_secp384r1
, NID_secp521r1
,
3193 # ifndef OPENSSL_NO_EC2M
3194 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3195 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3197 NID_brainpoolP384r1
, NID_brainpoolP512r1
3200 static int test_ecpub(int idx
)
3202 int ret
= 0, len
, savelen
;
3204 unsigned char buf
[1024];
3206 EVP_PKEY
*pkey
= NULL
;
3207 EVP_PKEY_CTX
*ctx
= NULL
;
3208 # ifndef OPENSSL_NO_DEPRECATED_3_0
3209 const unsigned char *q
;
3210 EVP_PKEY
*pkey2
= NULL
;
3214 if (nullprov
!= NULL
)
3215 return TEST_skip("Test does not support a non-default library context");
3217 nid
= ecpub_nids
[idx
];
3219 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3221 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3222 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
3223 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3225 len
= i2d_PublicKey(pkey
, NULL
);
3227 if (!TEST_int_ge(len
, 1)
3228 || !TEST_int_lt(len
, 1024))
3231 len
= i2d_PublicKey(pkey
, &p
);
3232 if (!TEST_int_ge(len
, 1)
3233 || !TEST_int_eq(len
, savelen
))
3236 # ifndef OPENSSL_NO_DEPRECATED_3_0
3237 /* Now try to decode the just-created DER. */
3239 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3240 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3241 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3243 /* EC_KEY ownership transferred */
3245 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3247 /* The keys should match. */
3248 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3255 EVP_PKEY_CTX_free(ctx
);
3256 EVP_PKEY_free(pkey
);
3257 # ifndef OPENSSL_NO_DEPRECATED_3_0
3258 EVP_PKEY_free(pkey2
);
3265 static int test_EVP_rsa_pss_with_keygen_bits(void)
3268 EVP_PKEY_CTX
*ctx
= NULL
;
3269 EVP_PKEY
*pkey
= NULL
;
3272 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3274 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
3275 && TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3276 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3277 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
3278 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3281 EVP_PKEY_free(pkey
);
3282 EVP_PKEY_CTX_free(ctx
);
3286 static int test_EVP_rsa_pss_set_saltlen(void)
3289 EVP_PKEY
*pkey
= NULL
;
3290 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
3291 EVP_MD
*sha256
= NULL
;
3292 EVP_MD_CTX
*sha256_ctx
= NULL
;
3293 int saltlen
= 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3294 const int test_value
= 32;
3296 ret
= TEST_ptr(pkey
= load_example_rsa_key())
3297 && TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", NULL
))
3298 && TEST_ptr(sha256_ctx
= EVP_MD_CTX_new())
3299 && TEST_true(EVP_DigestSignInit(sha256_ctx
, &pkey_ctx
, sha256
, NULL
, pkey
))
3300 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx
, RSA_PKCS1_PSS_PADDING
))
3301 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx
, test_value
))
3302 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx
, &saltlen
))
3303 && TEST_int_eq(saltlen
, test_value
);
3305 EVP_MD_CTX_free(sha256_ctx
);
3306 EVP_PKEY_free(pkey
);
3307 EVP_MD_free(sha256
);
3312 static int success
= 1;
3313 static void md_names(const char *name
, void *vctx
)
3315 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3316 /* Force a namemap update */
3317 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3319 if (!TEST_ptr(aes128
))
3322 EVP_CIPHER_free(aes128
);
3326 * Test that changing the namemap in a user callback works in a names_do_all
3329 static int test_names_do_all(void)
3331 /* We use a custom libctx so that we know the state of the namemap */
3332 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3333 EVP_MD
*sha256
= NULL
;
3339 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3340 if (!TEST_ptr(sha256
))
3344 * We loop through all the names for a given digest. This should still work
3345 * even if the namemap changes part way through.
3347 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3350 if (!TEST_true(success
))
3355 EVP_MD_free(sha256
);
3356 OSSL_LIB_CTX_free(ctx
);
3362 const unsigned char *key
;
3363 const unsigned char *iv
;
3364 const unsigned char *input
;
3365 const unsigned char *expected
;
3366 const unsigned char *tag
;
3367 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3376 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3378 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3379 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3383 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3384 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3385 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3386 sizeof(gcmDefaultTag
), 1, 0, 1
3389 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3390 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3394 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3395 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3396 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3397 sizeof(gcmDefaultTag
), 0, 0, 1
3400 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3401 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3405 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3406 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3407 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3408 sizeof(gcmDefaultTag
), 1, 1, 0
3411 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3412 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3416 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3417 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3418 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3419 sizeof(gcmDefaultTag
), 0, 1, 0
3423 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3427 if (t
->ivlen
!= 0) {
3428 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
)))
3431 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3439 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3440 * arguments are given one at a time and a final adjustment to the enc
3441 * parameter sets the correct operation.
3443 static int test_evp_init_seq(int idx
)
3445 int outlen1
, outlen2
;
3447 unsigned char outbuf
[1024];
3448 unsigned char tag
[16];
3449 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3450 EVP_CIPHER_CTX
*ctx
= NULL
;
3451 EVP_CIPHER
*type
= NULL
;
3452 size_t taglen
= sizeof(tag
);
3453 char *errmsg
= NULL
;
3455 ctx
= EVP_CIPHER_CTX_new();
3457 errmsg
= "CTX_ALLOC";
3460 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3461 errmsg
= "CIPHER_FETCH";
3464 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3465 errmsg
= "EMPTY_ENC_INIT";
3468 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3472 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3473 errmsg
= "KEY_INIT (before iv)";
3476 if (!evp_init_seq_set_iv(ctx
, t
)) {
3480 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3481 errmsg
= "KEY_INIT (after iv)";
3484 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3485 errmsg
= "FINAL_ENC_INIT";
3488 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3489 errmsg
= "CIPHER_UPDATE";
3492 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3493 /* Set expected tag */
3494 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3495 t
->taglen
, (void *)t
->tag
))) {
3500 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3501 errmsg
= "CIPHER_FINAL";
3504 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3505 errmsg
= "WRONG_RESULT";
3508 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3509 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3513 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3514 errmsg
= "TAG_ERROR";
3521 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3522 EVP_CIPHER_CTX_free(ctx
);
3523 EVP_CIPHER_free(type
);
3528 const unsigned char *input
;
3529 const unsigned char *expected
;
3533 } EVP_RESET_TEST_st
;
3535 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3537 cfbPlaintext
, cfbCiphertext
,
3538 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3541 cfbCiphertext
, cfbPlaintext
,
3542 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3547 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3550 static int test_evp_reset(int idx
)
3552 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3553 int outlen1
, outlen2
;
3555 unsigned char outbuf
[1024];
3556 EVP_CIPHER_CTX
*ctx
= NULL
;
3557 EVP_CIPHER
*type
= NULL
;
3558 char *errmsg
= NULL
;
3560 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3561 errmsg
= "CTX_ALLOC";
3564 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3565 errmsg
= "CIPHER_FETCH";
3568 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3569 errmsg
= "CIPHER_INIT";
3572 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3576 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3577 errmsg
= "CIPHER_UPDATE";
3580 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3581 errmsg
= "CIPHER_FINAL";
3584 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3585 errmsg
= "WRONG_RESULT";
3588 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3589 errmsg
= "CIPHER_REINIT";
3592 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3593 errmsg
= "CIPHER_UPDATE (reinit)";
3596 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3597 errmsg
= "CIPHER_FINAL (reinit)";
3600 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3601 errmsg
= "WRONG_RESULT (reinit)";
3607 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3608 EVP_CIPHER_CTX_free(ctx
);
3609 EVP_CIPHER_free(type
);
3616 } EVP_UPDATED_IV_TEST_st
;
3618 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3658 * Test that the IV in the context is updated during a crypto operation for CFB
3661 static int test_evp_updated_iv(int idx
)
3663 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3664 int outlen1
, outlen2
;
3666 unsigned char outbuf
[1024];
3667 EVP_CIPHER_CTX
*ctx
= NULL
;
3668 EVP_CIPHER
*type
= NULL
;
3669 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3671 char *errmsg
= NULL
;
3673 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3674 errmsg
= "CTX_ALLOC";
3677 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3678 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3682 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3683 errmsg
= "CIPHER_INIT";
3686 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3690 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3691 errmsg
= "CIPHER_UPDATE";
3694 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3695 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3698 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3699 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3702 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3703 errmsg
= "IV_NOT_UPDATED";
3706 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3707 errmsg
= "CIPHER_FINAL";
3714 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3715 EVP_CIPHER_CTX_free(ctx
);
3716 EVP_CIPHER_free(type
);
3721 const unsigned char *iv1
;
3722 const unsigned char *iv2
;
3723 const unsigned char *expected1
;
3724 const unsigned char *expected2
;
3725 const unsigned char *tag1
;
3726 const unsigned char *tag2
;
3729 size_t expectedlen1
;
3730 size_t expectedlen2
;
3731 } TEST_GCM_IV_REINIT_st
;
3733 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3735 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3736 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3737 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3740 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3741 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3742 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3746 static int test_gcm_reinit(int idx
)
3748 int outlen1
, outlen2
, outlen3
;
3750 unsigned char outbuf
[1024];
3751 unsigned char tag
[16];
3752 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3753 EVP_CIPHER_CTX
*ctx
= NULL
;
3754 EVP_CIPHER
*type
= NULL
;
3755 size_t taglen
= sizeof(tag
);
3756 char *errmsg
= NULL
;
3758 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3759 errmsg
= "CTX_ALLOC";
3762 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3763 errmsg
= "CIPHER_FETCH";
3766 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3767 errmsg
= "ENC_INIT";
3770 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
))) {
3771 errmsg
= "SET_IVLEN1";
3774 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3778 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3782 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3783 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3784 sizeof(gcmResetPlaintext
)))) {
3785 errmsg
= "CIPHER_UPDATE1";
3788 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3789 errmsg
= "CIPHER_FINAL1";
3792 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3793 errmsg
= "WRONG_RESULT1";
3796 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3797 errmsg
= "GET_TAG1";
3800 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3801 errmsg
= "TAG_ERROR1";
3805 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
))) {
3806 errmsg
= "SET_IVLEN2";
3809 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3813 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3817 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3818 sizeof(gcmResetPlaintext
)))) {
3819 errmsg
= "CIPHER_UPDATE2";
3822 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3823 errmsg
= "CIPHER_FINAL2";
3826 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3827 errmsg
= "WRONG_RESULT2";
3830 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3831 errmsg
= "GET_TAG2";
3834 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3835 errmsg
= "TAG_ERROR2";
3841 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3842 EVP_CIPHER_CTX_free(ctx
);
3843 EVP_CIPHER_free(type
);
3847 #ifndef OPENSSL_NO_DEPRECATED_3_0
3848 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3849 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3851 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3853 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3855 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3857 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3861 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3863 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3865 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3869 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
3870 size_t *outlen
, const unsigned char *in
,
3873 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3874 const unsigned char *tbs
, size_t tbslen
);
3876 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
3877 return psign(ctx
, out
, outlen
, in
, inlen
);
3880 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
3881 size_t *siglen
, const unsigned char *tbs
,
3884 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3885 const unsigned char *tbs
, size_t tbslen
);
3887 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
3888 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
3891 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
3894 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
3896 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
3897 return pderive(ctx
, key
, keylen
);
3900 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
3902 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
3904 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
3905 return pcopy(dst
, src
);
3908 static int ctrl_called
;
3910 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
3912 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
3914 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
3916 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
3921 return pctrl(ctx
, type
, p1
, p2
);
3924 static int test_custom_pmeth(int idx
)
3926 EVP_PKEY_CTX
*pctx
= NULL
;
3927 EVP_MD_CTX
*ctx
= NULL
;
3928 EVP_PKEY
*pkey
= NULL
;
3929 int id
, orig_id
, orig_flags
;
3932 unsigned char *res
= NULL
;
3933 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
3934 const EVP_MD
*md
= EVP_sha256();
3939 /* We call deprecated APIs so this test doesn't support a custom libctx */
3940 if (testctx
!= NULL
)
3947 pkey
= load_example_rsa_key();
3951 # ifndef OPENSSL_NO_DSA
3953 pkey
= load_example_dsa_key();
3960 # ifndef OPENSSL_NO_EC
3962 pkey
= load_example_ec_key();
3969 # ifndef OPENSSL_NO_EC
3970 id
= EVP_PKEY_ED25519
;
3972 pkey
= load_example_ed25519_key();
3979 # ifndef OPENSSL_NO_DH
3982 pkey
= load_example_dh_key();
3989 # ifndef OPENSSL_NO_EC
3990 id
= EVP_PKEY_X25519
;
3992 pkey
= load_example_x25519_key();
3998 TEST_error("Should not happen");
4002 if (!TEST_ptr(pkey
))
4006 if (!TEST_true(evp_pkey_is_provided(pkey
)))
4009 EVP_PKEY
*tmp
= pkey
;
4011 /* Convert to a legacy key */
4012 pkey
= EVP_PKEY_new();
4013 if (!TEST_ptr(pkey
)) {
4017 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
4022 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
4026 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
4030 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
4031 if (!TEST_int_eq(orig_id
, id
)
4032 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
4035 if (id
== EVP_PKEY_ED25519
) {
4036 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
4037 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
4038 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
4040 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
4042 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
4043 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
4044 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
4045 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
4047 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
4048 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
4052 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
4054 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4055 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4056 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4058 || !TEST_int_eq(ctrl_called
, 1)
4059 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4060 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4061 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4062 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4065 ctx
= EVP_MD_CTX_new();
4066 reslen
= EVP_PKEY_size(pkey
);
4067 res
= OPENSSL_malloc(reslen
);
4070 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4071 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4072 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4074 || !TEST_int_eq(ctrl_called
, 1))
4077 if (id
== EVP_PKEY_ED25519
) {
4078 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4081 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4082 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4090 EVP_MD_CTX_free(ctx
);
4092 EVP_PKEY_CTX_free(pctx
);
4093 EVP_PKEY_free(pkey
);
4094 EVP_PKEY_meth_remove(custom_pmeth
);
4095 EVP_PKEY_meth_free(custom_pmeth
);
4096 custom_pmeth
= NULL
;
4100 static int test_evp_md_cipher_meth(void)
4102 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4103 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4106 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4112 EVP_MD_meth_free(md
);
4113 EVP_CIPHER_meth_free(ciph
);
4118 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4119 /* Test we can create a signature keys with an associated ENGINE */
4120 static int test_signatures_with_engine(int tst
)
4123 const char *engine_id
= "dasync";
4124 EVP_PKEY
*pkey
= NULL
;
4125 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4126 const unsigned char cmackey
[] = {
4127 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4128 0x0c, 0x0d, 0x0e, 0x0f
4130 const unsigned char ed25519key
[] = {
4131 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4132 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4133 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4135 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4137 EVP_MD_CTX
*ctx
= NULL
;
4138 unsigned char *mac
= NULL
;
4142 # ifdef OPENSSL_NO_CMAC
4143 /* Skip CMAC tests in a no-cmac build */
4148 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4151 if (!TEST_true(ENGINE_init(e
))) {
4158 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4162 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4166 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4167 sizeof(ed25519key
));
4170 TEST_error("Invalid test case");
4173 if (!TEST_ptr(pkey
))
4176 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4179 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4182 if (!TEST_true(ret
))
4185 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4186 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4189 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4192 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4195 /* We used a bad key. We expect a failure here */
4196 if (!TEST_false(ret
))
4202 EVP_MD_CTX_free(ctx
);
4204 EVP_PKEY_free(pkey
);
4211 static int test_cipher_with_engine(void)
4214 const char *engine_id
= "dasync";
4215 const unsigned char keyiv
[] = {
4216 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4217 0x0c, 0x0d, 0x0e, 0x0f
4219 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4221 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4222 unsigned char buf
[AES_BLOCK_SIZE
];
4225 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4228 if (!TEST_true(ENGINE_init(e
))) {
4233 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4234 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4237 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4240 /* Copy the ctx, and complete the operation with the new ctx */
4241 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4244 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4245 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4250 EVP_CIPHER_CTX_free(ctx
);
4251 EVP_CIPHER_CTX_free(ctx2
);
4257 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4258 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4260 static int ecxnids
[] = {
4267 /* Test that creating ECX keys with a short private key fails as expected */
4268 static int test_ecx_short_keys(int tst
)
4270 unsigned char ecxkeydata
= 1;
4274 pkey
= EVP_PKEY_new_raw_private_key(ecxnids
[tst
], NULL
, &ecxkeydata
, 1);
4275 if (!TEST_ptr_null(pkey
)) {
4276 EVP_PKEY_free(pkey
);
4282 typedef enum OPTION_choice
{
4289 const OPTIONS
*test_get_options(void)
4291 static const OPTIONS options
[] = {
4292 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4293 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4299 int setup_tests(void)
4303 while ((o
= opt_next()) != OPT_EOF
) {
4306 /* Set up an alternate library context */
4307 testctx
= OSSL_LIB_CTX_new();
4308 if (!TEST_ptr(testctx
))
4310 /* Swap the libctx to test non-default context only */
4311 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4312 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4313 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4315 case OPT_TEST_CASES
:
4322 ADD_TEST(test_EVP_set_default_properties
);
4323 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
4324 ADD_TEST(test_EVP_DigestVerifyInit
);
4325 #ifndef OPENSSL_NO_SIPHASH
4326 ADD_TEST(test_siphash_digestsign
);
4328 ADD_TEST(test_EVP_Digest
);
4329 ADD_TEST(test_EVP_md_null
);
4330 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4331 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4332 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4333 ADD_TEST(test_privatekey_to_pkcs8
);
4334 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4335 #ifndef OPENSSL_NO_EC
4336 ADD_TEST(test_EVP_PKCS82PKEY
);
4338 #ifndef OPENSSL_NO_EC
4339 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4341 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4342 ADD_TEST(test_EVP_SM2
);
4343 ADD_TEST(test_EVP_SM2_verify
);
4345 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4346 #ifndef OPENSSL_NO_DEPRECATED_3_0
4347 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4348 if (!TEST_ptr(custom_pmeth
))
4350 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4351 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4352 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4353 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4356 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4357 #ifndef OPENSSL_NO_CMAC
4358 ADD_TEST(test_CMAC_keygen
);
4360 ADD_TEST(test_HKDF
);
4361 ADD_TEST(test_emptyikm_HKDF
);
4362 #ifndef OPENSSL_NO_EC
4363 ADD_TEST(test_X509_PUBKEY_inplace
);
4364 ADD_TEST(test_X509_PUBKEY_dup
);
4365 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4366 OSSL_NELEM(ec_der_pub_keys
));
4368 #ifndef OPENSSL_NO_DSA
4369 ADD_TEST(test_DSA_get_set_params
);
4370 ADD_TEST(test_DSA_priv_pub
);
4372 ADD_TEST(test_RSA_get_set_params
);
4373 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4374 ADD_TEST(test_decrypt_null_chunks
);
4376 #ifndef OPENSSL_NO_DH
4377 ADD_TEST(test_DH_priv_pub
);
4378 # ifndef OPENSSL_NO_DEPRECATED_3_0
4379 ADD_TEST(test_EVP_PKEY_set1_DH
);
4382 #ifndef OPENSSL_NO_EC
4383 ADD_TEST(test_EC_priv_pub
);
4384 # ifndef OPENSSL_NO_DEPRECATED_3_0
4385 ADD_TEST(test_EC_priv_only_legacy
);
4388 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4389 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4391 ADD_TEST(test_rand_agglomeration
);
4392 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4393 #ifndef OPENSSL_NO_DES
4394 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4396 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4397 ADD_TEST(test_EVP_rsa_pss_set_saltlen
);
4398 #ifndef OPENSSL_NO_EC
4399 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4402 ADD_TEST(test_names_do_all
);
4404 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4405 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4406 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4407 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4409 #ifndef OPENSSL_NO_DEPRECATED_3_0
4410 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4411 ADD_TEST(test_evp_md_cipher_meth
);
4413 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4414 /* Tests only support the default libctx */
4415 if (testctx
== NULL
) {
4416 # ifndef OPENSSL_NO_EC
4417 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4419 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4421 ADD_TEST(test_cipher_with_engine
);
4426 ADD_ALL_TESTS(test_ecx_short_keys
, OSSL_NELEM(ecxnids
));
4431 void cleanup_tests(void)
4433 OSSL_PROVIDER_unload(nullprov
);
4434 OSSL_PROVIDER_unload(deflprov
);
4435 OSSL_PROVIDER_unload(lgcyprov
);
4436 OSSL_LIB_CTX_free(testctx
);