2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
34 #include "internal/nelem.h"
35 #include "internal/sizes.h"
36 #include "crypto/evp.h"
37 #include "../e_os.h" /* strcasecmp */
39 static OSSL_LIB_CTX
*testctx
= NULL
;
40 static char *testpropq
= NULL
;
42 static OSSL_PROVIDER
*nullprov
= NULL
;
43 static OSSL_PROVIDER
*deflprov
= NULL
;
44 static OSSL_PROVIDER
*lgcyprov
= NULL
;
47 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
48 * should never use this key anywhere but in an example.
50 static const unsigned char kExampleRSAKeyDER
[] = {
51 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
52 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
53 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
54 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
55 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
56 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
57 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
58 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
59 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
60 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
61 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
62 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
63 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
64 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
65 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
66 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
67 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
68 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
69 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
70 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
71 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
72 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
73 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
74 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
75 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
76 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
77 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
78 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
79 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
80 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
81 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
82 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
83 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
84 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
85 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
86 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
87 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
88 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
89 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
90 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
91 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
92 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
93 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
94 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
95 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
96 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
97 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
98 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
99 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
100 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
101 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
105 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
106 * should never use this key anywhere but in an example.
108 #ifndef OPENSSL_NO_DSA
109 static const unsigned char kExampleDSAKeyDER
[] = {
110 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
111 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
112 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
113 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
114 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
115 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
116 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
117 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
118 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
119 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
120 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
121 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
122 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
123 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
124 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
125 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
126 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
127 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
128 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
129 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
130 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
131 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
132 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
133 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
134 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
135 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
136 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
137 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
138 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
139 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
140 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
141 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
142 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
143 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
144 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
145 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
146 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
152 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
153 * components are not correct.
155 static const unsigned char kExampleBadRSAKeyDER
[] = {
156 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
157 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
158 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
159 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
160 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
161 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
162 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
163 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
164 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
165 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
166 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
167 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
168 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
169 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
170 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
171 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
172 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
173 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
174 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
175 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
176 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
177 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
178 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
179 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
180 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
181 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
182 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
183 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
184 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
185 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
186 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
187 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
188 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
189 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
190 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
191 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
192 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
193 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
194 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
195 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
196 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
197 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
198 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
199 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
200 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
201 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
202 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
203 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
204 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
205 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
206 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
207 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
208 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
209 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
210 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
211 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
212 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
213 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
214 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
215 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
216 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
217 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
218 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
219 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
220 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
221 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
222 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
223 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
224 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
225 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
226 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
227 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
228 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
229 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
230 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
231 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
232 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
233 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
234 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
235 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
236 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
237 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
238 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
239 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
240 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
241 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
242 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
243 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
244 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
247 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
249 static const unsigned char kSignature
[] = {
250 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
251 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
252 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
253 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
254 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
255 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
256 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
257 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
258 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
259 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
260 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
264 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
267 static const unsigned char kExampleRSAKeyPKCS8
[] = {
268 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
269 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
270 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
271 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
272 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
273 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
274 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
275 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
276 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
277 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
278 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
279 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
280 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
281 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
282 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
283 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
284 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
285 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
286 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
287 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
288 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
289 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
290 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
291 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
292 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
293 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
294 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
295 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
296 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
297 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
298 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
299 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
300 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
301 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
302 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
303 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
304 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
305 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
306 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
307 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
308 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
309 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
310 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
311 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
312 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
313 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
314 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
315 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
316 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
317 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
318 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
319 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
320 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
323 #ifndef OPENSSL_NO_EC
325 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
328 static const unsigned char kExampleECKeyDER
[] = {
329 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
330 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
331 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
332 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
333 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
334 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
335 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
336 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
337 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
338 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
343 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
344 * structure. The private key is equal to the order and will fail to import
346 static const unsigned char kExampleBadECKeyDER
[] = {
347 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
348 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
349 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
350 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
351 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
352 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
353 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
354 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
355 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
359 static const unsigned char kExampleECPubKeyDER
[] = {
360 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
361 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
362 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
363 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
364 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
365 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
366 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
367 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
371 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
372 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
374 static const unsigned char kExampleBadECPubKeyDER
[] = {
375 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
376 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
377 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
378 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
379 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
380 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
381 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
382 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
385 static const unsigned char pExampleECParamDER
[] = {
386 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
389 static const unsigned char kExampleED25519KeyDER
[] = {
390 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
391 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
392 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
393 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
396 static const unsigned char kExampleED25519PubKeyDER
[] = {
397 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
398 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
399 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
400 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
405 typedef struct APK_DATA_st
{
406 const unsigned char *kder
;
413 int type
; /* 0 for private, 1 for public, 2 for params */
416 static APK_DATA keydata
[] = {
417 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
418 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
419 #ifndef OPENSSL_NO_EC
420 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
424 static APK_DATA keycheckdata
[] = {
425 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
427 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
429 #ifndef OPENSSL_NO_EC
430 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
431 /* group is also associated in our pub key */
432 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
434 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
436 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
437 EVP_PKEY_ED25519
, 1, 1, 1, 0},
438 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
439 EVP_PKEY_ED25519
, 0, 1, 1, 1},
443 static EVP_PKEY
*load_example_key(const char *keytype
,
444 const unsigned char *data
, size_t data_len
)
446 const unsigned char **pdata
= &data
;
447 EVP_PKEY
*pkey
= NULL
;
448 OSSL_DECODER_CTX
*dctx
=
449 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
452 /* |pkey| will be NULL on error */
453 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
454 OSSL_DECODER_CTX_free(dctx
);
458 static EVP_PKEY
*load_example_rsa_key(void)
460 return load_example_key("RSA", kExampleRSAKeyDER
,
461 sizeof(kExampleRSAKeyDER
));
464 #ifndef OPENSSL_NO_DSA
465 static EVP_PKEY
*load_example_dsa_key(void)
467 return load_example_key("DSA", kExampleDSAKeyDER
,
468 sizeof(kExampleDSAKeyDER
));
472 static EVP_PKEY
*load_example_hmac_key(void)
474 EVP_PKEY
*pkey
= NULL
;
475 unsigned char key
[] = {
476 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
477 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
478 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
481 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC
, NULL
, key
, sizeof(key
));
488 static int test_EVP_set_default_properties(void)
494 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
495 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
500 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
501 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
502 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
507 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
508 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
513 OSSL_LIB_CTX_free(ctx
);
517 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
518 static int test_fromdata(char *keytype
, OSSL_PARAM
*params
)
520 EVP_PKEY_CTX
*pctx
= NULL
;
521 EVP_PKEY
*pkey
= NULL
;
524 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
526 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
527 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
537 EVP_PKEY_CTX_free(pctx
);
541 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
544 * Test combinations of private, public, missing and private + public key
545 * params to ensure they are all accepted
547 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
548 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
550 OSSL_PARAM_BLD
*bld
= NULL
;
551 OSSL_PARAM
*params
= NULL
;
552 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
556 * Setup the parameters for our pkey object. For our purposes they don't
557 * have to actually be *valid* parameters. We just need to set something.
559 if (!TEST_ptr(p
= BN_new())
560 || !TEST_ptr(q
= BN_new())
561 || !TEST_ptr(g
= BN_new())
562 || !TEST_ptr(pub
= BN_new())
563 || !TEST_ptr(priv
= BN_new()))
566 /* Test !priv and !pub */
567 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
568 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
569 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
570 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
572 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
575 if (!test_fromdata(keytype
, params
))
577 OSSL_PARAM_BLD_free_params(params
);
578 OSSL_PARAM_BLD_free(bld
);
580 /* Test priv and !pub */
581 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
582 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
583 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
584 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
585 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
588 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
591 if (!test_fromdata(keytype
, params
))
593 OSSL_PARAM_BLD_free_params(params
);
594 OSSL_PARAM_BLD_free(bld
);
596 /* Test !priv and pub */
597 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
598 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
599 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
600 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
601 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
604 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
607 if (!test_fromdata(keytype
, params
))
609 OSSL_PARAM_BLD_free_params(params
);
610 OSSL_PARAM_BLD_free(bld
);
612 /* Test priv and pub */
613 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
614 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
615 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
616 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
617 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
619 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
622 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
625 if (!test_fromdata(keytype
, params
))
630 OSSL_PARAM_BLD_free_params(params
);
631 OSSL_PARAM_BLD_free(bld
);
640 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
643 * Test combinations of private, public, missing and private + public key
644 * params to ensure they are all accepted for EC keys
646 #ifndef OPENSSL_NO_EC
647 static unsigned char ec_priv
[] = {
648 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
649 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
650 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
652 static unsigned char ec_pub
[] = {
653 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
654 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
655 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
656 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
657 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
658 0x08, 0x09, 0xb8, 0xdb, 0x03
661 static int test_EC_priv_pub(void)
663 OSSL_PARAM_BLD
*bld
= NULL
;
664 OSSL_PARAM
*params
= NULL
;
669 * Setup the parameters for our pkey object. For our purposes they don't
670 * have to actually be *valid* parameters. We just need to set something.
672 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
675 /* Test !priv and !pub */
676 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
677 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
678 OSSL_PKEY_PARAM_GROUP_NAME
,
681 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
684 if (!test_fromdata("EC", params
))
686 OSSL_PARAM_BLD_free_params(params
);
687 OSSL_PARAM_BLD_free(bld
);
689 /* Test priv and !pub */
690 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
691 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
692 OSSL_PKEY_PARAM_GROUP_NAME
,
694 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
697 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
700 if (!test_fromdata("EC", params
))
702 OSSL_PARAM_BLD_free_params(params
);
703 OSSL_PARAM_BLD_free(bld
);
705 /* Test !priv and pub */
706 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
707 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
708 OSSL_PKEY_PARAM_GROUP_NAME
,
710 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
711 OSSL_PKEY_PARAM_PUB_KEY
,
712 ec_pub
, sizeof(ec_pub
))))
714 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
717 if (!test_fromdata("EC", params
))
719 OSSL_PARAM_BLD_free_params(params
);
720 OSSL_PARAM_BLD_free(bld
);
722 /* Test priv and pub */
723 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
724 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
725 OSSL_PKEY_PARAM_GROUP_NAME
,
727 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
728 OSSL_PKEY_PARAM_PUB_KEY
,
729 ec_pub
, sizeof(ec_pub
)))
730 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
733 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
736 if (!test_fromdata("EC", params
))
741 OSSL_PARAM_BLD_free_params(params
);
742 OSSL_PARAM_BLD_free(bld
);
748 /* Test that using a legacy EC key with only a private key in it works */
749 # ifndef OPENSSL_NO_DEPRECATED_3_0
750 static int test_EC_priv_only_legacy(void)
754 EC_KEY
*eckey
= NULL
;
755 EVP_PKEY
*pkey
= NULL
;
756 EVP_MD_CTX
*ctx
= NULL
;
758 /* Create the low level EC_KEY */
759 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
762 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
763 if (!TEST_ptr(eckey
))
766 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
769 pkey
= EVP_PKEY_new();
773 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
777 ctx
= EVP_MD_CTX_new();
782 * The EVP_DigestSignInit function should create the key on the provider
783 * side which is sufficient for this test.
785 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
, testpropq
,
792 EVP_MD_CTX_free(ctx
);
799 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
800 #endif /* OPENSSL_NO_EC */
802 static int test_EVP_Enveloped(void)
805 EVP_CIPHER_CTX
*ctx
= NULL
;
806 EVP_PKEY
*keypair
= NULL
;
807 unsigned char *kek
= NULL
;
808 unsigned char iv
[EVP_MAX_IV_LENGTH
];
809 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
810 int len
, kek_len
, ciphertext_len
, plaintext_len
;
811 unsigned char ciphertext
[32], plaintext
[16];
812 const EVP_CIPHER
*type
= NULL
;
814 if (nullprov
!= NULL
)
815 return TEST_skip("Test does not support a non-default library context");
817 type
= EVP_aes_256_cbc();
819 if (!TEST_ptr(keypair
= load_example_rsa_key())
820 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_size(keypair
)))
821 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
822 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
824 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
826 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
830 ciphertext_len
+= len
;
832 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
833 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
834 ciphertext
, ciphertext_len
))
835 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
838 plaintext_len
+= len
;
839 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
845 EVP_PKEY_free(keypair
);
846 EVP_CIPHER_CTX_free(ctx
);
851 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
852 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
853 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
854 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
855 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
856 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
857 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
858 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
859 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
861 static int test_EVP_DigestSignInit(int tst
)
864 EVP_PKEY
*pkey
= NULL
;
865 unsigned char *sig
= NULL
;
867 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
868 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
869 BIO
*mdbio
= NULL
, *membio
= NULL
;
872 EVP_MD
*mdexp
= NULL
;
874 if (nullprov
!= NULL
)
875 return TEST_skip("Test does not support a non-default library context");
878 membio
= BIO_new(BIO_s_mem());
879 mdbio
= BIO_new(BIO_f_md());
880 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
882 BIO_push(mdbio
, membio
);
883 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
886 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
887 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
891 if (tst
== 0 || tst
== 3 || tst
== 6) {
892 if (!TEST_ptr(pkey
= load_example_rsa_key()))
894 } else if (tst
== 1 || tst
== 4 || tst
== 7) {
895 #ifndef OPENSSL_NO_DSA
896 if (!TEST_ptr(pkey
= load_example_dsa_key()))
903 if (!TEST_ptr(pkey
= load_example_hmac_key()))
907 if (tst
>= 3 && tst
<= 5)
908 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
912 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
916 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
919 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
923 /* Determine the size of the signature. */
924 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
925 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
926 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
930 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
931 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
936 * Ensure that the signature round-trips (Verification isn't supported for
937 * HMAC via EVP_DigestVerify*)
939 if (tst
!= 2 && tst
!= 5 && tst
!= 8) {
940 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
945 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
948 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
952 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
961 EVP_MD_CTX_free(a_md_ctx
);
962 EVP_MD_CTX_free(a_md_ctx_verify
);
970 static int test_EVP_DigestVerifyInit(void)
973 EVP_PKEY
*pkey
= NULL
;
974 EVP_MD_CTX
*md_ctx
= NULL
;
976 if (nullprov
!= NULL
)
977 return TEST_skip("Test does not support a non-default library context");
979 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
980 || !TEST_ptr(pkey
= load_example_rsa_key()))
983 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
984 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
985 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
986 sizeof(kSignature
))))
991 EVP_MD_CTX_free(md_ctx
);
997 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
999 static int test_EVP_Digest(void)
1002 EVP_MD_CTX
*md_ctx
= NULL
;
1003 unsigned char md
[EVP_MAX_MD_SIZE
];
1004 EVP_MD
*sha256
= NULL
;
1005 EVP_MD
*shake256
= NULL
;
1007 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1010 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1011 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1014 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1015 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1016 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1017 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1018 || !TEST_ptr_eq(EVP_MD_CTX_md(md_ctx
), NULL
))
1021 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1022 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1023 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1024 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1025 || !TEST_ptr(EVP_MD_CTX_md(md_ctx
))
1027 * EVP_DigestInit_ex with NULL type should work on
1028 * pre-initialized context.
1030 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1033 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1034 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1035 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1036 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1037 || !TEST_ptr(EVP_MD_CTX_md(md_ctx
))
1038 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1043 EVP_MD_CTX_free(md_ctx
);
1044 EVP_MD_free(sha256
);
1045 EVP_MD_free(shake256
);
1049 static int test_d2i_AutoPrivateKey(int i
)
1052 const unsigned char *p
;
1053 EVP_PKEY
*pkey
= NULL
;
1054 const APK_DATA
*ak
= &keydata
[i
];
1055 const unsigned char *input
= ak
->kder
;
1056 size_t input_len
= ak
->size
;
1057 int expected_id
= ak
->evptype
;
1060 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1061 || !TEST_ptr_eq(p
, input
+ input_len
)
1062 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
1068 EVP_PKEY_free(pkey
);
1072 #ifndef OPENSSL_NO_EC
1074 static const unsigned char ec_public_sect163k1_validxy
[] = {
1075 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1076 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1077 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1078 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1079 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1080 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1083 static const unsigned char ec_public_sect163k1_badx
[] = {
1084 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1085 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1086 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1087 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1088 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1089 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1092 static const unsigned char ec_public_sect163k1_bady
[] = {
1093 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1094 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1095 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1096 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1097 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1098 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1101 static struct ec_der_pub_keys_st
{
1102 const unsigned char *der
;
1105 } ec_der_pub_keys
[] = {
1106 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1107 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1108 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1112 * Tests the range of the decoded EC char2 public point.
1113 * See ec_GF2m_simple_oct2point().
1115 static int test_invalide_ec_char2_pub_range_decode(int id
)
1120 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1121 ec_der_pub_keys
[id
].len
);
1123 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1124 || TEST_ptr_null(pkey
);
1125 EVP_PKEY_free(pkey
);
1129 /* Tests loading a bad key in PKCS8 format */
1130 static int test_EVP_PKCS82PKEY(void)
1133 const unsigned char *derp
= kExampleBadECKeyDER
;
1134 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1135 EVP_PKEY
*pkey
= NULL
;
1137 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1138 sizeof(kExampleBadECKeyDER
))))
1141 if (!TEST_ptr_eq(derp
,
1142 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1145 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1151 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1152 EVP_PKEY_free(pkey
);
1158 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1159 static int test_privatekey_to_pkcs8(void)
1161 EVP_PKEY
*pkey
= NULL
;
1163 char *membuf
= NULL
;
1164 long membuf_len
= 0;
1167 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1168 || !TEST_ptr(pkey
= load_example_rsa_key())
1169 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1170 NULL
, 0, NULL
, NULL
),
1172 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1173 || !TEST_ptr(membuf
)
1174 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1175 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1177 * We try to write PEM as well, just to see that it doesn't err, but
1178 * assume that the result is correct.
1180 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1181 NULL
, 0, NULL
, NULL
),
1187 EVP_PKEY_free(pkey
);
1188 BIO_free_all(membio
);
1192 #ifndef OPENSSL_NO_EC
1193 static const struct {
1195 const char *encoding_name
;
1196 } ec_encodings
[] = {
1197 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1198 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1201 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1203 const OSSL_PARAM
*p
;
1204 const char *enc_name
= NULL
;
1210 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1211 OSSL_PKEY_PARAM_EC_ENCODING
))
1212 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1215 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1216 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1217 *enc
= ec_encodings
[i
].encoding
;
1222 return (*enc
!= -1);
1225 static int test_EC_keygen_with_enc(int idx
)
1227 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1228 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1232 enc
= ec_encodings
[idx
].encoding
;
1234 /* Create key parameters */
1235 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1236 || !TEST_true(EVP_PKEY_paramgen_init(pctx
))
1237 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1238 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1239 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1240 || !TEST_ptr(params
))
1244 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1245 || !TEST_true(EVP_PKEY_keygen_init(kctx
))
1246 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1250 /* Check that the encoding got all the way into the key */
1251 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1252 ec_export_get_encoding_cb
, &enc
))
1253 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1259 EVP_PKEY_free(params
);
1260 EVP_PKEY_CTX_free(kctx
);
1261 EVP_PKEY_CTX_free(pctx
);
1266 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1268 static int test_EVP_SM2_verify(void)
1270 const char *pubkey
=
1271 "-----BEGIN PUBLIC KEY-----\n"
1272 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1273 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1274 "-----END PUBLIC KEY-----\n";
1276 const char *msg
= "message digest";
1277 const char *id
= "ALICE123@YAHOO.COM";
1279 const uint8_t signature
[] = {
1280 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1281 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1282 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1283 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1284 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1285 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1286 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1291 EVP_PKEY
*pkey
= NULL
;
1292 EVP_MD_CTX
*mctx
= NULL
;
1293 EVP_PKEY_CTX
*pctx
= NULL
;
1296 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1297 if (!TEST_true(bio
!= NULL
))
1300 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1301 if (!TEST_true(pkey
!= NULL
))
1304 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1307 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1310 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1313 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1315 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1318 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1321 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1324 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1327 if (!TEST_true(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
))))
1333 EVP_PKEY_free(pkey
);
1334 EVP_PKEY_CTX_free(pctx
);
1335 EVP_MD_CTX_free(mctx
);
1340 static int test_EVP_SM2(void)
1343 EVP_PKEY
*pkey
= NULL
;
1344 EVP_PKEY
*pkeyparams
= NULL
;
1345 EVP_PKEY_CTX
*pctx
= NULL
;
1346 EVP_PKEY_CTX
*kctx
= NULL
;
1347 EVP_PKEY_CTX
*sctx
= NULL
;
1349 unsigned char *sig
= NULL
;
1350 EVP_MD_CTX
*md_ctx
= NULL
;
1351 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1352 EVP_PKEY_CTX
*cctx
= NULL
;
1355 uint8_t ciphertext
[128];
1356 size_t ctext_len
= sizeof(ciphertext
);
1358 uint8_t plaintext
[8];
1359 size_t ptext_len
= sizeof(plaintext
);
1361 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1363 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1364 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1368 pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "SM2", testpropq
);
1369 if (!TEST_ptr(pctx
))
1372 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1375 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1378 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1381 kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkeyparams
, testpropq
);
1382 if (!TEST_ptr(kctx
))
1385 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
1388 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1391 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1394 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1397 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1400 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1401 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1403 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1406 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, sm3
, NULL
, pkey
)))
1409 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1412 if(!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1415 /* Determine the size of the signature. */
1416 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1419 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1422 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1425 /* Ensure that the signature round-trips. */
1427 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, sm3
, NULL
, pkey
)))
1430 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1433 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1436 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1439 /* now check encryption/decryption */
1441 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1442 mdname
, sizeof(mdname
));
1443 for (i
= 0; i
< 2; i
++) {
1444 EVP_PKEY_CTX_free(cctx
);
1446 sparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1447 i
== 0 ? "SM3" : "SHA2-256",
1450 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1453 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1456 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1459 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
1463 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1466 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1469 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
1473 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
1476 /* Test we're still using the digest we think we are */
1477 if (i
== 0 && !TEST_int_eq(strcmp(mdname
, "SM3"), 0))
1479 if (i
== 1 && !TEST_int_eq(strcmp(mdname
, "SHA2-256"), 0))
1482 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1485 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1491 EVP_PKEY_CTX_free(pctx
);
1492 EVP_PKEY_CTX_free(kctx
);
1493 EVP_PKEY_CTX_free(sctx
);
1494 EVP_PKEY_CTX_free(cctx
);
1495 EVP_PKEY_free(pkey
);
1496 EVP_PKEY_free(pkeyparams
);
1497 EVP_MD_CTX_free(md_ctx
);
1498 EVP_MD_CTX_free(md_ctx_verify
);
1506 static struct keys_st
{
1512 EVP_PKEY_HMAC
, "0123456789", NULL
1514 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
1516 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
1518 #ifndef OPENSSL_NO_EC
1520 EVP_PKEY_X25519
, "01234567890123456789012345678901",
1521 "abcdefghijklmnopqrstuvwxyzabcdef"
1523 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
1524 "abcdefghijklmnopqrstuvwxyzabcdef"
1527 "01234567890123456789012345678901234567890123456789012345",
1528 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1531 "012345678901234567890123456789012345678901234567890123456",
1532 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1537 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
1540 unsigned char buf
[80];
1542 size_t inlen
, len
= 0;
1545 if (nullprov
!= NULL
)
1546 return TEST_skip("Test does not support a non-default library context");
1548 /* Check if this algorithm supports public keys */
1549 if (keys
[tst
].pub
== NULL
)
1552 memset(buf
, 0, sizeof(buf
));
1555 inlen
= strlen(keys
[tst
].pub
);
1556 in
= (unsigned char *)keys
[tst
].pub
;
1558 pkey
= EVP_PKEY_new_raw_public_key_ex(
1560 OBJ_nid2sn(keys
[tst
].type
),
1565 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
1571 inlen
= strlen(keys
[tst
].priv
);
1572 in
= (unsigned char *)keys
[tst
].priv
;
1574 pkey
= EVP_PKEY_new_raw_private_key_ex(
1575 testctx
, OBJ_nid2sn(keys
[tst
].type
),
1580 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
1588 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
1589 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
1590 || !TEST_true(len
== inlen
)
1591 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
1592 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
1593 || !TEST_mem_eq(in
, inlen
, buf
, len
))
1598 EVP_PKEY_free(pkey
);
1602 static int test_set_get_raw_keys(int tst
)
1604 return test_set_get_raw_keys_int(tst
, 0, 0)
1605 && test_set_get_raw_keys_int(tst
, 0, 1)
1606 && test_set_get_raw_keys_int(tst
, 1, 0)
1607 && test_set_get_raw_keys_int(tst
, 1, 1);
1610 #ifndef OPENSSL_NO_DEPRECATED_3_0
1611 static int pkey_custom_check(EVP_PKEY
*pkey
)
1616 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
1621 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
1626 static EVP_PKEY_METHOD
*custom_pmeth
;
1629 static int test_EVP_PKEY_check(int i
)
1632 EVP_PKEY
*pkey
= NULL
;
1633 EVP_PKEY_CTX
*ctx
= NULL
;
1634 #ifndef OPENSSL_NO_DEPRECATED_3_0
1635 EVP_PKEY_CTX
*ctx2
= NULL
;
1637 const APK_DATA
*ak
= &keycheckdata
[i
];
1638 const unsigned char *input
= ak
->kder
;
1639 size_t input_len
= ak
->size
;
1640 int expected_id
= ak
->evptype
;
1641 int expected_check
= ak
->check
;
1642 int expected_pub_check
= ak
->pub_check
;
1643 int expected_param_check
= ak
->param_check
;
1644 int type
= ak
->type
;
1646 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
1649 && !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
1652 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1655 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
1658 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
1661 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
1664 #ifndef OPENSSL_NO_DEPRECATED_3_0
1665 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
1666 /* assign the pkey directly, as an internal test */
1667 EVP_PKEY_up_ref(pkey
);
1670 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
1673 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
1676 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
1683 EVP_PKEY_CTX_free(ctx
);
1684 #ifndef OPENSSL_NO_DEPRECATED_3_0
1685 EVP_PKEY_CTX_free(ctx2
);
1687 EVP_PKEY_free(pkey
);
1691 #ifndef OPENSSL_NO_CMAC
1692 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
1694 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
1695 const char msg
[] = "Hello World";
1699 if (!TEST_ptr(mdctx
)
1700 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
1701 testpropq
, pkey
, NULL
))
1702 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
1703 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
1704 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
1707 EVP_MD_CTX_free(mdctx
);
1711 static int test_CMAC_keygen(void)
1713 static unsigned char key
[] = {
1714 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1715 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1716 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
1718 EVP_PKEY_CTX
*kctx
= NULL
;
1720 EVP_PKEY
*pkey
= NULL
;
1721 unsigned char mac
[AES_BLOCK_SIZE
];
1722 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1723 unsigned char mac2
[AES_BLOCK_SIZE
];
1726 if (nullprov
!= NULL
)
1727 return TEST_skip("Test does not support a non-default library context");
1730 * This is a legacy method for CMACs, but should still work.
1731 * This verifies that it works without an ENGINE.
1733 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
1735 /* Test a CMAC key created using the "generated" method */
1736 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1737 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
1738 EVP_PKEY_CTRL_CIPHER
,
1739 0, (void *)EVP_aes_256_ecb()), 0)
1740 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
1741 EVP_PKEY_CTRL_SET_MAC_KEY
,
1742 sizeof(key
), (void *)key
), 0)
1743 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
1745 || !TEST_true(get_cmac_val(pkey
, mac
)))
1748 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
1749 EVP_PKEY_free(pkey
);
1752 * Test a CMAC key using the direct method, and compare with the mac
1755 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
1757 || !TEST_true(get_cmac_val(pkey
, mac2
))
1758 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
1765 EVP_PKEY_free(pkey
);
1766 EVP_PKEY_CTX_free(kctx
);
1771 static int test_HKDF(void)
1774 unsigned char out
[20];
1777 unsigned char salt
[] = "0123456789";
1778 unsigned char key
[] = "012345678901234567890123456789";
1779 unsigned char info
[] = "infostring";
1780 const unsigned char expected
[] = {
1781 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1782 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1784 size_t expectedlen
= sizeof(expected
);
1786 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
1789 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1790 for (i
= 0; i
< 2; i
++) {
1791 outlen
= sizeof(out
);
1792 memset(out
, 0, outlen
);
1794 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
1795 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
1796 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
1797 sizeof(salt
) - 1), 0)
1798 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
1799 sizeof(key
) - 1), 0)
1800 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
1801 sizeof(info
) - 1), 0)
1802 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
1803 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
1810 EVP_PKEY_CTX_free(pctx
);
1815 static int test_emptyikm_HKDF(void)
1818 unsigned char out
[20];
1821 unsigned char salt
[] = "9876543210";
1822 unsigned char key
[] = "";
1823 unsigned char info
[] = "stringinfo";
1824 const unsigned char expected
[] = {
1825 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1826 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1828 size_t expectedlen
= sizeof(expected
);
1830 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
1833 outlen
= sizeof(out
);
1834 memset(out
, 0, outlen
);
1836 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
1837 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
1838 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
1839 sizeof(salt
) - 1), 0)
1840 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
1841 sizeof(key
) - 1), 0)
1842 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
1843 sizeof(info
) - 1), 0)
1844 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
1845 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
1851 EVP_PKEY_CTX_free(pctx
);
1856 #ifndef OPENSSL_NO_EC
1857 static int test_X509_PUBKEY_inplace(void)
1860 X509_PUBKEY
*xp
= NULL
;
1861 const unsigned char *p
= kExampleECPubKeyDER
;
1862 size_t input_len
= sizeof(kExampleECPubKeyDER
);
1864 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(NULL
, &p
, input_len
)))
1867 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
1870 p
= kExampleBadECPubKeyDER
;
1871 input_len
= sizeof(kExampleBadECPubKeyDER
);
1873 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
1876 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
1882 X509_PUBKEY_free(xp
);
1886 static int test_X509_PUBKEY_dup(void)
1889 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
1890 const unsigned char *p
= kExampleECPubKeyDER
;
1891 size_t input_len
= sizeof(kExampleECPubKeyDER
);
1893 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(NULL
, &p
, input_len
))
1894 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
1895 || !TEST_ptr_ne(xp
, xq
))
1898 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
1899 || !TEST_ptr(X509_PUBKEY_get0(xp
))
1900 || !TEST_ptr_eq(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
1903 X509_PUBKEY_free(xq
);
1905 p
= kExampleBadECPubKeyDER
;
1906 input_len
= sizeof(kExampleBadECPubKeyDER
);
1908 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
1909 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
1912 X509_PUBKEY_free(xp
);
1914 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
1920 X509_PUBKEY_free(xp
);
1921 X509_PUBKEY_free(xq
);
1924 #endif /* OPENSSL_NO_EC */
1926 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1927 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
1929 EVP_MD_CTX
*mdctx
= NULL
;
1930 EVP_PKEY_CTX
*ctx
= NULL
;
1931 const OSSL_PARAM
*params
;
1932 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
1935 char mdname
[OSSL_MAX_NAME_SIZE
];
1938 /* Initialise a sign operation */
1939 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
1941 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
1945 * We should be able to query the parameters now.
1947 params
= EVP_PKEY_CTX_settable_params(ctx
);
1948 if (!TEST_ptr(params
)
1949 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1950 OSSL_SIGNATURE_PARAM_DIGEST
)))
1953 params
= EVP_PKEY_CTX_gettable_params(ctx
);
1954 if (!TEST_ptr(params
)
1955 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1956 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
1957 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1958 OSSL_SIGNATURE_PARAM_DIGEST
)))
1962 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1963 * EVP_PKEY_CTX_get_params()
1965 strcpy(mdname
, "SHA512");
1967 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1969 *param
++ = OSSL_PARAM_construct_end();
1971 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
1975 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1976 mdname
, sizeof(mdname
));
1977 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
1978 || !TEST_str_eq(mdname
, "SHA512"))
1982 * Test the TEST_PKEY_CTX_set_signature_md() and
1983 * TEST_PKEY_CTX_get_signature_md() functions
1985 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
1986 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
1987 || !TEST_ptr_eq(md
, EVP_sha256()))
1991 * Test getting MD parameters via an associated EVP_PKEY_CTX
1993 mdctx
= EVP_MD_CTX_new();
1994 if (!TEST_ptr(mdctx
)
1995 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2000 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2001 * able to obtain the digest's settable parameters from the provider.
2003 params
= EVP_MD_CTX_settable_params(mdctx
);
2004 if (!TEST_ptr(params
)
2005 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2006 /* The final key should be NULL */
2007 || !TEST_ptr_null(params
[1].key
))
2011 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2012 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2013 ssl3ms
, sizeof(ssl3ms
));
2014 *param
++ = OSSL_PARAM_construct_end();
2016 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2022 EVP_MD_CTX_free(mdctx
);
2023 EVP_PKEY_CTX_free(ctx
);
2028 #ifndef OPENSSL_NO_DSA
2029 static int test_DSA_get_set_params(void)
2031 OSSL_PARAM_BLD
*bld
= NULL
;
2032 OSSL_PARAM
*params
= NULL
;
2033 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2034 EVP_PKEY_CTX
*pctx
= NULL
;
2035 EVP_PKEY
*pkey
= NULL
;
2039 * Setup the parameters for our DSA object. For our purposes they don't
2040 * have to actually be *valid* parameters. We just need to set something.
2042 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2043 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2044 || !TEST_ptr(p
= BN_new())
2045 || !TEST_ptr(q
= BN_new())
2046 || !TEST_ptr(g
= BN_new())
2047 || !TEST_ptr(pub
= BN_new())
2048 || !TEST_ptr(priv
= BN_new()))
2050 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2051 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2052 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2053 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2055 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2058 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2061 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2062 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2066 if (!TEST_ptr(pkey
))
2069 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2072 EVP_PKEY_free(pkey
);
2073 EVP_PKEY_CTX_free(pctx
);
2074 OSSL_PARAM_BLD_free_params(params
);
2075 OSSL_PARAM_BLD_free(bld
);
2086 * Test combinations of private, public, missing and private + public key
2087 * params to ensure they are all accepted
2089 static int test_DSA_priv_pub(void)
2091 return test_EVP_PKEY_ffc_priv_pub("DSA");
2094 #endif /* !OPENSSL_NO_DSA */
2096 static int test_RSA_get_set_params(void)
2098 OSSL_PARAM_BLD
*bld
= NULL
;
2099 OSSL_PARAM
*params
= NULL
;
2100 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2101 EVP_PKEY_CTX
*pctx
= NULL
;
2102 EVP_PKEY
*pkey
= NULL
;
2106 * Setup the parameters for our RSA object. For our purposes they don't
2107 * have to actually be *valid* parameters. We just need to set something.
2109 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2110 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2111 || !TEST_ptr(n
= BN_new())
2112 || !TEST_ptr(e
= BN_new())
2113 || !TEST_ptr(d
= BN_new()))
2115 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2116 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2117 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2119 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2122 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2123 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2127 if (!TEST_ptr(pkey
))
2130 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2133 EVP_PKEY_free(pkey
);
2134 EVP_PKEY_CTX_free(pctx
);
2135 OSSL_PARAM_BLD_free_params(params
);
2136 OSSL_PARAM_BLD_free(bld
);
2144 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2145 static int test_decrypt_null_chunks(void)
2147 EVP_CIPHER_CTX
* ctx
= NULL
;
2148 EVP_CIPHER
*cipher
= NULL
;
2149 const unsigned char key
[32] = {
2150 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2151 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2152 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2154 unsigned char iv
[12] = {
2155 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2157 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2158 unsigned char ciphertext
[80];
2159 unsigned char plaintext
[80];
2160 /* We initialise tmp to a non zero value on purpose */
2161 int ctlen
, ptlen
, tmp
= 99;
2163 const int enc_offset
= 10, dec_offset
= 20;
2165 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2166 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2167 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2169 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2171 /* Deliberate add a zero length update */
2172 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2174 || !TEST_int_eq(tmp
, 0)
2175 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2177 sizeof(msg
) - enc_offset
))
2178 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2179 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2180 || !TEST_int_eq(tmp
, 0))
2183 /* Deliberately initialise tmp to a non zero value */
2185 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2186 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2189 * Deliberately add a zero length update. We also deliberately do
2190 * this at a different offset than for encryption.
2192 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2194 || !TEST_int_eq(tmp
, 0)
2195 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2196 ciphertext
+ dec_offset
,
2197 ctlen
- dec_offset
))
2198 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2199 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2200 || !TEST_int_eq(tmp
, 0)
2201 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2206 EVP_CIPHER_CTX_free(ctx
);
2207 EVP_CIPHER_free(cipher
);
2210 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2212 #ifndef OPENSSL_NO_DH
2214 * Test combinations of private, public, missing and private + public key
2215 * params to ensure they are all accepted
2217 static int test_DH_priv_pub(void)
2219 return test_EVP_PKEY_ffc_priv_pub("DH");
2222 # ifndef OPENSSL_NO_DEPRECATED_3_0
2223 static int test_EVP_PKEY_set1_DH(void)
2225 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2226 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2228 BIGNUM
*p
, *g
= NULL
;
2230 if (!TEST_ptr(p
= BN_new())
2231 || !TEST_ptr(g
= BN_new())
2232 || !BN_set_word(p
, 9999)
2233 || !BN_set_word(g
, 2)
2234 || !TEST_ptr(noqdh
= DH_new())
2235 || !DH_set0_pqg(noqdh
, p
, NULL
, g
))
2239 x942dh
= DH_get_2048_256();
2240 pkey1
= EVP_PKEY_new();
2241 pkey2
= EVP_PKEY_new();
2242 if (!TEST_ptr(x942dh
)
2245 || !TEST_ptr(pkey2
))
2248 if(!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2249 || !TEST_int_eq(EVP_PKEY_id(pkey1
), EVP_PKEY_DHX
))
2252 if(!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2253 || !TEST_int_eq(EVP_PKEY_id(pkey2
), EVP_PKEY_DH
))
2260 EVP_PKEY_free(pkey1
);
2261 EVP_PKEY_free(pkey2
);
2267 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2268 #endif /* !OPENSSL_NO_DH */
2271 * We test what happens with an empty template. For the sake of this test,
2272 * the template must be ignored, and we know that's the case for RSA keys
2273 * (this might arguably be a misfeature, but that's what we currently do,
2274 * even in provider code, since that's how the legacy RSA implementation
2277 static int test_keygen_with_empty_template(int n
)
2279 EVP_PKEY_CTX
*ctx
= NULL
;
2280 EVP_PKEY
*pkey
= NULL
;
2281 EVP_PKEY
*tkey
= NULL
;
2284 if (nullprov
!= NULL
)
2285 return TEST_skip("Test does not support a non-default library context");
2289 /* We do test with no template at all as well */
2290 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2294 /* Here we create an empty RSA key that serves as our template */
2295 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2296 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2297 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2302 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2303 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2308 EVP_PKEY_CTX_free(ctx
);
2309 EVP_PKEY_free(pkey
);
2310 EVP_PKEY_free(tkey
);
2315 * Test that we fail if we attempt to use an algorithm that is not available
2316 * in the current library context (unless we are using an algorithm that
2317 * should be made available via legacy codepaths).
2322 static int test_pkey_ctx_fail_without_provider(int tst
)
2324 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2325 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2326 EVP_PKEY_CTX
*pctx
= NULL
;
2327 const char *keytype
= NULL
;
2328 int expect_null
= 0;
2331 if (!TEST_ptr(tmpctx
))
2334 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2335 if (!TEST_ptr(tmpnullprov
))
2339 * We check for certain algos in the null provider.
2340 * If an algo is expected to have a provider keymgmt, contructing an
2341 * EVP_PKEY_CTX is expected to fail (return NULL).
2342 * Otherwise, if it's expected to have legacy support, contructing an
2343 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2353 #ifdef OPENSSL_NO_EC
2354 TEST_info("EC disable, skipping SM2 check...");
2357 #ifdef OPENSSL_NO_SM2
2358 TEST_info("SM2 disable, skipping SM2 check...");
2363 TEST_error("No test for case %d", tst
);
2367 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2368 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2371 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2377 EVP_PKEY_CTX_free(pctx
);
2378 OSSL_PROVIDER_unload(tmpnullprov
);
2379 OSSL_LIB_CTX_free(tmpctx
);
2383 static int test_rand_agglomeration(void)
2387 OSSL_PARAM params
[3], *p
= params
;
2389 unsigned int step
= 7;
2390 static unsigned char seed
[] = "It does not matter how slowly you go "
2391 "as long as you do not stop.";
2392 unsigned char out
[sizeof(seed
)];
2394 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
2395 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
2397 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
2398 EVP_RAND_free(rand
);
2402 memset(out
, 0, sizeof(out
));
2403 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
2404 seed
, sizeof(seed
));
2405 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
2406 *p
= OSSL_PARAM_construct_end();
2407 res
= TEST_true(EVP_RAND_set_ctx_params(ctx
, params
))
2408 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
2409 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
2410 EVP_RAND_CTX_free(ctx
);
2415 * Test that we correctly return the original or "running" IV after
2416 * an encryption operation.
2417 * Run multiple times for some different relevant algorithms/modes.
2419 static int test_evp_iv(int idx
)
2422 EVP_CIPHER_CTX
*ctx
= NULL
;
2423 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2424 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2425 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
2426 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2427 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2428 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2429 9, 10, 11, 12, 13, 14, 15, 16 };
2430 unsigned char ciphertext
[32], oiv
[16], iv
[16];
2431 unsigned char *ref_iv
;
2432 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2433 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2435 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2436 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2437 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2438 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2439 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2440 #ifndef OPENSSL_NO_OCB
2441 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2442 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2444 int len
= sizeof(ciphertext
);
2445 size_t ivlen
, ref_len
;
2446 const EVP_CIPHER
*type
= NULL
;
2448 if (nullprov
!= NULL
&& idx
< 5)
2449 return TEST_skip("Test does not support a non-default library context");
2453 type
= EVP_aes_128_cbc();
2456 type
= (type
!= NULL
) ? type
:
2457 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
2459 ref_len
= sizeof(cbc_state
);
2462 type
= EVP_aes_128_ofb();
2465 type
= (type
!= NULL
) ? type
:
2466 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
2468 ref_len
= sizeof(ofb_state
);
2471 type
= EVP_aes_128_gcm();
2474 type
= (type
!= NULL
) ? type
:
2475 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
2477 ref_len
= sizeof(gcm_state
);
2480 type
= EVP_aes_128_ccm();
2483 type
= (type
!= NULL
) ? type
:
2484 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
2486 ref_len
= sizeof(ccm_state
);
2488 #ifdef OPENSSL_NO_OCB
2494 type
= EVP_aes_128_ocb();
2497 type
= (type
!= NULL
) ? type
:
2498 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
2500 ref_len
= sizeof(ocb_state
);
2508 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
2509 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
2510 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
2512 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
2513 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
2514 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
2516 ivlen
= EVP_CIPHER_CTX_iv_length(ctx
);
2517 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
2518 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
2523 EVP_CIPHER_CTX_free(ctx
);
2525 EVP_CIPHER_free((EVP_CIPHER
*)type
);
2529 #ifndef OPENSSL_NO_EC
2530 static int ecpub_nids
[] = { NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
2531 NID_secp384r1
, NID_secp521r1
, NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
2532 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
2533 NID_brainpoolP384r1
, NID_brainpoolP512r1
};
2535 static int test_ecpub(int idx
)
2537 int ret
= 0, len
, savelen
;
2539 unsigned char buf
[1024];
2541 EVP_PKEY
*pkey
= NULL
;
2542 EVP_PKEY_CTX
*ctx
= NULL
;
2543 # ifndef OPENSSL_NO_DEPRECATED_3_0
2544 const unsigned char *q
;
2545 EVP_PKEY
*pkey2
= NULL
;
2549 if (nullprov
!= NULL
)
2550 return TEST_skip("Test does not support a non-default library context");
2552 nid
= ecpub_nids
[idx
];
2554 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
2556 || !TEST_true(EVP_PKEY_keygen_init(ctx
))
2557 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
2558 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
2560 len
= i2d_PublicKey(pkey
, NULL
);
2562 if (!TEST_int_ge(len
, 1)
2563 || !TEST_int_lt(len
, 1024))
2566 len
= i2d_PublicKey(pkey
, &p
);
2567 if (!TEST_int_ge(len
, 1)
2568 || !TEST_int_eq(len
, savelen
))
2571 # ifndef OPENSSL_NO_DEPRECATED_3_0
2572 /* Now try to decode the just-created DER. */
2574 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
2575 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
2576 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
2578 /* EC_KEY ownership transferred */
2580 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
2582 /* The keys should match. */
2583 if (!TEST_int_eq(EVP_PKEY_cmp(pkey
, pkey2
), 1))
2590 EVP_PKEY_CTX_free(ctx
);
2591 EVP_PKEY_free(pkey
);
2592 # ifndef OPENSSL_NO_DEPRECATED_3_0
2593 EVP_PKEY_free(pkey2
);
2600 static int test_EVP_rsa_pss_with_keygen_bits(void)
2603 EVP_PKEY_CTX
*ctx
= NULL
;
2604 EVP_PKEY
*pkey
= NULL
;
2607 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
2609 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
2610 && TEST_true(EVP_PKEY_keygen_init(ctx
))
2611 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
2612 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
2613 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
2616 EVP_PKEY_free(pkey
);
2617 EVP_PKEY_CTX_free(ctx
);
2621 static int success
= 1;
2622 static void md_names(const char *name
, void *vctx
)
2624 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
2625 /* Force a namemap update */
2626 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
2628 if (!TEST_ptr(aes128
))
2631 EVP_CIPHER_free(aes128
);
2635 * Test that changing the namemap in a user callback works in a names_do_all
2638 static int test_names_do_all(void)
2640 /* We use a custom libctx so that we know the state of the namemap */
2641 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
2642 EVP_MD
*sha256
= NULL
;
2648 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
2649 if (!TEST_ptr(sha256
))
2653 * We loop through all the names for a given digest. This should still work
2654 * even if the namemap changes part way through.
2656 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
2659 if (!TEST_true(success
))
2664 EVP_MD_free(sha256
);
2665 OSSL_LIB_CTX_free(ctx
);
2669 typedef enum OPTION_choice
{
2676 const OPTIONS
*test_get_options(void)
2678 static const OPTIONS options
[] = {
2679 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
2680 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
2686 int setup_tests(void)
2690 while ((o
= opt_next()) != OPT_EOF
) {
2693 /* Set up an alternate library context */
2694 testctx
= OSSL_LIB_CTX_new();
2695 if (!TEST_ptr(testctx
))
2697 /* Swap the libctx to test non-default context only */
2698 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
2699 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
2700 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
2702 case OPT_TEST_CASES
:
2709 ADD_TEST(test_EVP_set_default_properties
);
2710 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 9);
2711 ADD_TEST(test_EVP_DigestVerifyInit
);
2712 ADD_TEST(test_EVP_Digest
);
2713 ADD_TEST(test_EVP_Enveloped
);
2714 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
2715 ADD_TEST(test_privatekey_to_pkcs8
);
2716 #ifndef OPENSSL_NO_EC
2717 ADD_TEST(test_EVP_PKCS82PKEY
);
2719 #ifndef OPENSSL_NO_EC
2720 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
2722 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
2723 ADD_TEST(test_EVP_SM2
);
2724 ADD_TEST(test_EVP_SM2_verify
);
2726 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
2727 #ifndef OPENSSL_NO_DEPRECATED_3_0
2728 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
2729 if (!TEST_ptr(custom_pmeth
))
2731 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
2732 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
2733 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
2734 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
2737 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
2738 #ifndef OPENSSL_NO_CMAC
2739 ADD_TEST(test_CMAC_keygen
);
2741 ADD_TEST(test_HKDF
);
2742 ADD_TEST(test_emptyikm_HKDF
);
2743 #ifndef OPENSSL_NO_EC
2744 ADD_TEST(test_X509_PUBKEY_inplace
);
2745 ADD_TEST(test_X509_PUBKEY_dup
);
2746 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
2747 OSSL_NELEM(ec_der_pub_keys
));
2749 #ifndef OPENSSL_NO_DSA
2750 ADD_TEST(test_DSA_get_set_params
);
2751 ADD_TEST(test_DSA_priv_pub
);
2753 ADD_TEST(test_RSA_get_set_params
);
2754 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2755 ADD_TEST(test_decrypt_null_chunks
);
2757 #ifndef OPENSSL_NO_DH
2758 ADD_TEST(test_DH_priv_pub
);
2759 # ifndef OPENSSL_NO_DEPRECATED_3_0
2760 ADD_TEST(test_EVP_PKEY_set1_DH
);
2763 #ifndef OPENSSL_NO_EC
2764 ADD_TEST(test_EC_priv_pub
);
2765 # ifndef OPENSSL_NO_DEPRECATED_3_0
2766 ADD_TEST(test_EC_priv_only_legacy
);
2769 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
2770 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
2772 ADD_TEST(test_rand_agglomeration
);
2773 ADD_ALL_TESTS(test_evp_iv
, 10);
2774 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
2775 #ifndef OPENSSL_NO_EC
2776 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
2779 ADD_TEST(test_names_do_all
);
2784 void cleanup_tests(void)
2786 OSSL_PROVIDER_unload(nullprov
);
2787 OSSL_PROVIDER_unload(deflprov
);
2788 OSSL_PROVIDER_unload(lgcyprov
);
2789 OSSL_LIB_CTX_free(testctx
);