2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
40 static OSSL_LIB_CTX
*testctx
= NULL
;
41 static char *testpropq
= NULL
;
43 static OSSL_PROVIDER
*nullprov
= NULL
;
44 static OSSL_PROVIDER
*deflprov
= NULL
;
45 static OSSL_PROVIDER
*lgcyprov
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 static const unsigned char kExampleED25519KeyDER
[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
397 static const unsigned char kExampleED25519PubKeyDER
[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER
[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER
[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
447 static const unsigned char kCFBDefaultKey
[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
452 static const unsigned char kGCMDefaultKey
[32] = { 0 };
454 static const unsigned char kGCMResetKey
[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
460 static const unsigned char iCFBIV
[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
465 static const unsigned char iGCMDefaultIV
[12] = { 0 };
467 static const unsigned char iGCMResetIV1
[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
471 static const unsigned char iGCMResetIV2
[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
475 static const unsigned char cfbPlaintext
[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
480 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
482 static const unsigned char gcmResetPlaintext
[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
490 static const unsigned char cfbCiphertext
[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
495 static const unsigned char gcmDefaultCiphertext
[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
500 static const unsigned char gcmResetCiphertext1
[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
508 static const unsigned char gcmResetCiphertext2
[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
516 static const unsigned char gcmAAD
[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
521 static const unsigned char gcmDefaultTag
[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
526 static const unsigned char gcmResetTag1
[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
531 static const unsigned char gcmResetTag2
[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
536 typedef struct APK_DATA_st
{
537 const unsigned char *kder
;
544 int type
; /* 0 for private, 1 for public, 2 for params */
547 static APK_DATA keydata
[] = {
548 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
549 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
555 static APK_DATA keycheckdata
[] = {
556 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
558 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
565 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
567 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
568 EVP_PKEY_ED25519
, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
570 EVP_PKEY_ED25519
, 0, 1, 1, 1},
574 static EVP_PKEY
*load_example_key(const char *keytype
,
575 const unsigned char *data
, size_t data_len
)
577 const unsigned char **pdata
= &data
;
578 EVP_PKEY
*pkey
= NULL
;
579 OSSL_DECODER_CTX
*dctx
=
580 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
585 OSSL_DECODER_CTX_free(dctx
);
589 static EVP_PKEY
*load_example_rsa_key(void)
591 return load_example_key("RSA", kExampleRSAKeyDER
,
592 sizeof(kExampleRSAKeyDER
));
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY
*load_example_dsa_key(void)
598 return load_example_key("DSA", kExampleDSAKeyDER
,
599 sizeof(kExampleDSAKeyDER
));
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY
*load_example_ec_key(void)
606 return load_example_key("EC", kExampleECKeyDER
,
607 sizeof(kExampleECKeyDER
));
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY
*load_example_dh_key(void)
615 return load_example_key("DH", kExampleDHKeyDER
,
616 sizeof(kExampleDHKeyDER
));
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ed25519_key(void)
623 return load_example_key("ED25519", kExampleED25519KeyDER
,
624 sizeof(kExampleED25519KeyDER
));
627 static EVP_PKEY
*load_example_x25519_key(void)
629 return load_example_key("X25519", kExampleX25519KeyDER
,
630 sizeof(kExampleX25519KeyDER
));
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
635 static EVP_PKEY
*load_example_hmac_key(void)
637 EVP_PKEY
*pkey
= NULL
;
638 unsigned char key
[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
644 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
645 NULL
, key
, sizeof(key
));
652 static int test_EVP_set_default_properties(void)
658 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
659 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
664 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
665 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
666 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
671 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
672 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
677 OSSL_LIB_CTX_free(ctx
);
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static EVP_PKEY
*make_key_fromdata(char *keytype
, OSSL_PARAM
*params
)
684 EVP_PKEY_CTX
*pctx
= NULL
;
685 EVP_PKEY
*tmp_pkey
= NULL
, *pkey
= NULL
;
687 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
689 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
690 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &tmp_pkey
, EVP_PKEY_KEYPAIR
,
694 if (!TEST_ptr(tmp_pkey
))
700 EVP_PKEY_free(tmp_pkey
);
701 EVP_PKEY_CTX_free(pctx
);
705 static int test_selection(EVP_PKEY
*pkey
, int selection
)
709 BIO
*bio
= BIO_new(BIO_s_mem());
711 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
712 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
716 if (!TEST_false(ret
))
719 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
721 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
725 if (!TEST_false(ret
))
735 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
738 * Test combinations of private, public, missing and private + public key
739 * params to ensure they are all accepted
741 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
742 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
744 OSSL_PARAM_BLD
*bld
= NULL
;
745 OSSL_PARAM
*params
= NULL
;
746 EVP_PKEY
*just_params
= NULL
;
747 EVP_PKEY
*params_and_priv
= NULL
;
748 EVP_PKEY
*params_and_pub
= NULL
;
749 EVP_PKEY
*params_and_keypair
= NULL
;
750 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
754 * Setup the parameters for our pkey object. For our purposes they don't
755 * have to actually be *valid* parameters. We just need to set something.
757 if (!TEST_ptr(p
= BN_new())
758 || !TEST_ptr(q
= BN_new())
759 || !TEST_ptr(g
= BN_new())
760 || !TEST_ptr(pub
= BN_new())
761 || !TEST_ptr(priv
= BN_new()))
764 /* Test !priv and !pub */
765 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
768 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
770 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
771 || !TEST_ptr(just_params
= make_key_fromdata(keytype
, params
)))
774 OSSL_PARAM_free(params
);
775 OSSL_PARAM_BLD_free(bld
);
779 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
780 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
783 /* Test priv and !pub */
784 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
791 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
792 || !TEST_ptr(params_and_priv
= make_key_fromdata(keytype
, params
)))
795 OSSL_PARAM_free(params
);
796 OSSL_PARAM_BLD_free(bld
);
800 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
)
801 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
804 /* Test !priv and pub */
805 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
807 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
809 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
812 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
813 || !TEST_ptr(params_and_pub
= make_key_fromdata(keytype
, params
)))
816 OSSL_PARAM_free(params
);
817 OSSL_PARAM_BLD_free(bld
);
821 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
822 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
825 /* Test priv and pub */
826 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
830 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
835 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
836 || !TEST_ptr(params_and_keypair
= make_key_fromdata(keytype
, params
)))
839 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
844 OSSL_PARAM_free(params
);
845 OSSL_PARAM_BLD_free(bld
);
846 EVP_PKEY_free(just_params
);
847 EVP_PKEY_free(params_and_priv
);
848 EVP_PKEY_free(params_and_pub
);
849 EVP_PKEY_free(params_and_keypair
);
858 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
861 * Test combinations of private, public, missing and private + public key
862 * params to ensure they are all accepted for EC keys
864 #ifndef OPENSSL_NO_EC
865 static unsigned char ec_priv
[] = {
866 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
867 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
868 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
870 static unsigned char ec_pub
[] = {
871 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
872 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
873 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
874 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
875 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
876 0x08, 0x09, 0xb8, 0xdb, 0x03
879 static int test_EC_priv_pub(void)
881 OSSL_PARAM_BLD
*bld
= NULL
;
882 OSSL_PARAM
*params
= NULL
;
883 EVP_PKEY
*just_params
= NULL
;
884 EVP_PKEY
*params_and_priv
= NULL
;
885 EVP_PKEY
*params_and_pub
= NULL
;
886 EVP_PKEY
*params_and_keypair
= NULL
;
891 * Setup the parameters for our pkey object. For our purposes they don't
892 * have to actually be *valid* parameters. We just need to set something.
894 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
897 /* Test !priv and !pub */
898 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
899 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
900 OSSL_PKEY_PARAM_GROUP_NAME
,
903 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
904 || !TEST_ptr(just_params
= make_key_fromdata("EC", params
)))
907 OSSL_PARAM_free(params
);
908 OSSL_PARAM_BLD_free(bld
);
912 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
913 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
916 /* Test priv and !pub */
917 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
918 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
919 OSSL_PKEY_PARAM_GROUP_NAME
,
921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
924 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
925 || !TEST_ptr(params_and_priv
= make_key_fromdata("EC", params
)))
928 OSSL_PARAM_free(params
);
929 OSSL_PARAM_BLD_free(bld
);
934 * We indicate only parameters here, in spite of having built a key that
935 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
936 * expected to fail because it does not support exporting a private EC
937 * key without a corresponding public key
939 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
940 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
943 /* Test !priv and pub */
944 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
945 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
946 OSSL_PKEY_PARAM_GROUP_NAME
,
948 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
949 OSSL_PKEY_PARAM_PUB_KEY
,
950 ec_pub
, sizeof(ec_pub
))))
952 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
953 || !TEST_ptr(params_and_pub
= make_key_fromdata("EC", params
)))
956 OSSL_PARAM_free(params
);
957 OSSL_PARAM_BLD_free(bld
);
961 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
962 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
965 /* Test priv and pub */
966 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
967 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
968 OSSL_PKEY_PARAM_GROUP_NAME
,
970 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
971 OSSL_PKEY_PARAM_PUB_KEY
,
972 ec_pub
, sizeof(ec_pub
)))
973 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
976 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
977 || !TEST_ptr(params_and_keypair
= make_key_fromdata("EC", params
)))
980 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
983 /* Try key equality */
984 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, just_params
), 0)
985 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_pub
),
987 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_priv
),
989 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_keypair
),
991 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub
, params_and_pub
), 0)
992 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv
, params_and_priv
), 0)
993 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_pub
), 0)
994 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_priv
), 0))
999 OSSL_PARAM_free(params
);
1000 OSSL_PARAM_BLD_free(bld
);
1001 EVP_PKEY_free(just_params
);
1002 EVP_PKEY_free(params_and_priv
);
1003 EVP_PKEY_free(params_and_pub
);
1004 EVP_PKEY_free(params_and_keypair
);
1010 /* Test that using a legacy EC key with only a private key in it works */
1011 # ifndef OPENSSL_NO_DEPRECATED_3_0
1012 static int test_EC_priv_only_legacy(void)
1014 BIGNUM
*priv
= NULL
;
1016 EC_KEY
*eckey
= NULL
;
1017 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
1018 EVP_MD_CTX
*ctx
= NULL
;
1020 /* Create the low level EC_KEY */
1021 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1024 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
1025 if (!TEST_ptr(eckey
))
1028 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
1031 pkey
= EVP_PKEY_new();
1032 if (!TEST_ptr(pkey
))
1035 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1039 while (dup_pk
== NULL
) {
1041 ctx
= EVP_MD_CTX_new();
1046 * The EVP_DigestSignInit function should create the key on the
1047 * provider side which is sufficient for this test.
1049 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
1050 testpropq
, pkey
, NULL
)))
1052 EVP_MD_CTX_free(ctx
);
1055 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
1057 /* EVP_PKEY_eq() returns -2 with missing public keys */
1058 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1059 EVP_PKEY_free(pkey
);
1066 EVP_MD_CTX_free(ctx
);
1067 EVP_PKEY_free(pkey
);
1073 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1074 #endif /* OPENSSL_NO_EC */
1076 static int test_EVP_PKEY_sign(int tst
)
1079 EVP_PKEY
*pkey
= NULL
;
1080 unsigned char *sig
= NULL
;
1081 size_t sig_len
= 0, shortsig_len
= 1;
1082 EVP_PKEY_CTX
*ctx
= NULL
;
1083 unsigned char tbs
[] = {
1084 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1085 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1089 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1091 } else if (tst
== 1) {
1092 #ifndef OPENSSL_NO_DSA
1093 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1100 #ifndef OPENSSL_NO_EC
1101 if (!TEST_ptr(pkey
= load_example_ec_key()))
1109 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1111 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1112 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1115 sig
= OPENSSL_malloc(sig_len
);
1117 /* Test sending a signature buffer that is too short is rejected */
1118 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1120 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1122 /* Test the signature round-trips */
1123 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1124 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1130 EVP_PKEY_CTX_free(ctx
);
1132 EVP_PKEY_free(pkey
);
1137 * n = 0 => test using legacy cipher
1138 * n = 1 => test using fetched cipher
1140 static int test_EVP_Enveloped(int n
)
1143 EVP_CIPHER_CTX
*ctx
= NULL
;
1144 EVP_PKEY
*keypair
= NULL
;
1145 unsigned char *kek
= NULL
;
1146 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1147 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1148 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1149 unsigned char ciphertext
[32], plaintext
[16];
1150 EVP_CIPHER
*type
= NULL
;
1152 if (nullprov
!= NULL
)
1153 return TEST_skip("Test does not support a non-default library context");
1156 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1157 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1161 if (!TEST_ptr(keypair
= load_example_rsa_key())
1162 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1163 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1164 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1166 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1168 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1172 ciphertext_len
+= len
;
1174 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1175 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1176 ciphertext
, ciphertext_len
))
1177 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1180 plaintext_len
+= len
;
1181 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1187 EVP_CIPHER_free(type
);
1189 EVP_PKEY_free(keypair
);
1190 EVP_CIPHER_CTX_free(ctx
);
1195 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1196 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1197 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1198 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1199 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1200 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1201 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1202 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1203 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1204 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1205 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1206 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1207 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1208 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1209 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1210 * Test 15-29: Same as above with reinitialization
1212 static int test_EVP_DigestSignInit(int tst
)
1215 EVP_PKEY
*pkey
= NULL
;
1216 unsigned char *sig
= NULL
, *sig2
= NULL
;
1217 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1218 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1219 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1220 BIO
*mdbio
= NULL
, *membio
= NULL
;
1223 EVP_MD
*mdexp
= NULL
;
1226 if (nullprov
!= NULL
)
1227 return TEST_skip("Test does not support a non-default library context");
1234 if (tst
>= 6 && tst
<= 8) {
1235 membio
= BIO_new(BIO_s_mem());
1236 mdbio
= BIO_new(BIO_f_md());
1237 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1239 BIO_push(mdbio
, membio
);
1240 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1243 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1244 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1249 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1251 } else if (tst
% 3 == 1) {
1252 #ifndef OPENSSL_NO_DSA
1253 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1260 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1264 if (tst
>= 3 && tst
<= 5)
1265 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1269 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1272 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1275 if (tst
>= 6 && tst
<= 8) {
1276 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1278 } else if (tst
< 6) {
1279 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1284 /* Determine the size of the signature. */
1285 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1287 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1290 /* Test that supply a short sig buffer fails */
1291 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1295 * We end here because once EVP_DigestSign() has failed you should
1296 * not call it again without re-initing the ctx
1301 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1305 /* Determine the size of the signature. */
1306 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1307 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1309 * Trying to create a signature with a deliberately short
1310 * buffer should fail.
1312 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1313 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1318 * Ensure that the signature round-trips (Verification isn't supported for
1319 * HMAC via EVP_DigestVerify*)
1322 if (tst
>= 6 && tst
<= 8) {
1323 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1324 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1328 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1332 if (tst
>= 6 && tst
<= 8) {
1333 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1336 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1340 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1343 /* Multiple calls to EVP_DigestVerifyFinal should work */
1344 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1348 * For HMAC a doubled call to DigestSignFinal should produce the same
1349 * value as finalization should not happen.
1351 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1352 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1353 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1356 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1365 EVP_MD_CTX_free(a_md_ctx
);
1366 EVP_MD_CTX_free(a_md_ctx_verify
);
1367 EVP_PKEY_free(pkey
);
1375 static int test_EVP_DigestVerifyInit(void)
1378 EVP_PKEY
*pkey
= NULL
;
1379 EVP_MD_CTX
*md_ctx
= NULL
;
1381 if (nullprov
!= NULL
)
1382 return TEST_skip("Test does not support a non-default library context");
1384 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1385 || !TEST_ptr(pkey
= load_example_rsa_key()))
1388 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1389 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1390 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1391 sizeof(kSignature
)), 0))
1394 /* test with reinitialization */
1395 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1396 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1397 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1398 sizeof(kSignature
)), 0))
1403 EVP_MD_CTX_free(md_ctx
);
1404 EVP_PKEY_free(pkey
);
1408 #ifndef OPENSSL_NO_SIPHASH
1409 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1410 static int test_siphash_digestsign(void)
1412 unsigned char key
[16];
1413 unsigned char buf
[8], digest
[8];
1414 unsigned char expected
[8] = {
1415 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1417 EVP_PKEY
*pkey
= NULL
;
1418 EVP_MD_CTX
*mdctx
= NULL
;
1419 EVP_PKEY_CTX
*ctx
= NULL
;
1423 if (nullprov
!= NULL
)
1424 return TEST_skip("Test does not support a non-default library context");
1428 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1432 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1435 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1437 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1438 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1442 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1444 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1446 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1448 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1453 EVP_PKEY_free(pkey
);
1454 EVP_MD_CTX_free(mdctx
);
1460 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1462 static int test_EVP_Digest(void)
1465 EVP_MD_CTX
*md_ctx
= NULL
;
1466 unsigned char md
[EVP_MAX_MD_SIZE
];
1467 EVP_MD
*sha256
= NULL
;
1468 EVP_MD
*shake256
= NULL
;
1470 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1473 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1474 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1477 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1478 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1479 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1480 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1481 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1484 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1485 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1486 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1487 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1488 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1490 * EVP_DigestInit_ex with NULL type should work on
1491 * pre-initialized context.
1493 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1496 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1497 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1498 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1499 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1500 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1501 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1506 EVP_MD_CTX_free(md_ctx
);
1507 EVP_MD_free(sha256
);
1508 EVP_MD_free(shake256
);
1512 static int test_EVP_md_null(void)
1515 EVP_MD_CTX
*md_ctx
= NULL
;
1516 const EVP_MD
*md_null
= EVP_md_null();
1517 unsigned char md_value
[EVP_MAX_MD_SIZE
];
1518 unsigned int md_len
= sizeof(md_value
);
1520 if (nullprov
!= NULL
)
1521 return TEST_skip("Test does not support a non-default library context");
1523 if (!TEST_ptr(md_null
)
1524 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1527 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, md_null
, NULL
))
1528 || !TEST_true(EVP_DigestUpdate(md_ctx
, "test", 4))
1529 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md_value
, &md_len
)))
1532 if (!TEST_uint_eq(md_len
, 0))
1537 EVP_MD_CTX_free(md_ctx
);
1541 static int test_d2i_AutoPrivateKey(int i
)
1544 const unsigned char *p
;
1545 EVP_PKEY
*pkey
= NULL
;
1546 const APK_DATA
*ak
= &keydata
[i
];
1547 const unsigned char *input
= ak
->kder
;
1548 size_t input_len
= ak
->size
;
1549 int expected_id
= ak
->evptype
;
1552 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1553 || !TEST_ptr_eq(p
, input
+ input_len
)
1554 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1560 EVP_PKEY_free(pkey
);
1564 #ifndef OPENSSL_NO_EC
1566 static const unsigned char ec_public_sect163k1_validxy
[] = {
1567 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1568 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1569 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1570 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1571 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1572 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1575 static const unsigned char ec_public_sect163k1_badx
[] = {
1576 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1577 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1578 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1579 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1580 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1581 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1584 static const unsigned char ec_public_sect163k1_bady
[] = {
1585 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1586 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1587 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1588 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1589 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1590 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1593 static struct ec_der_pub_keys_st
{
1594 const unsigned char *der
;
1597 } ec_der_pub_keys
[] = {
1598 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1599 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1600 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1604 * Tests the range of the decoded EC char2 public point.
1605 * See ec_GF2m_simple_oct2point().
1607 static int test_invalide_ec_char2_pub_range_decode(int id
)
1612 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1613 ec_der_pub_keys
[id
].len
);
1615 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1616 || TEST_ptr_null(pkey
);
1617 EVP_PKEY_free(pkey
);
1621 /* Tests loading a bad key in PKCS8 format */
1622 static int test_EVP_PKCS82PKEY(void)
1625 const unsigned char *derp
= kExampleBadECKeyDER
;
1626 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1627 EVP_PKEY
*pkey
= NULL
;
1629 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1630 sizeof(kExampleBadECKeyDER
))))
1633 if (!TEST_ptr_eq(derp
,
1634 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1637 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1643 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1644 EVP_PKEY_free(pkey
);
1650 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1652 EVP_PKEY
*pkey
= NULL
;
1653 EVP_PKEY
*pkey2
= NULL
;
1655 char *membuf
= NULL
;
1656 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1659 if (testctx
!= NULL
)
1660 /* test not supported with non-default context */
1663 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1664 || !TEST_ptr(pkey
= load_example_rsa_key())
1665 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1666 NULL
, 0, NULL
, NULL
),
1668 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1669 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1670 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1671 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1677 EVP_PKEY_free(pkey
);
1678 EVP_PKEY_free(pkey2
);
1679 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1680 BIO_free_all(membio
);
1684 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1685 static int test_privatekey_to_pkcs8(void)
1687 EVP_PKEY
*pkey
= NULL
;
1689 char *membuf
= NULL
;
1690 long membuf_len
= 0;
1693 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1694 || !TEST_ptr(pkey
= load_example_rsa_key())
1695 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1696 NULL
, 0, NULL
, NULL
),
1698 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1699 || !TEST_ptr(membuf
)
1700 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1701 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1703 * We try to write PEM as well, just to see that it doesn't err, but
1704 * assume that the result is correct.
1706 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1707 NULL
, 0, NULL
, NULL
),
1713 EVP_PKEY_free(pkey
);
1714 BIO_free_all(membio
);
1718 #ifndef OPENSSL_NO_EC
1719 static const struct {
1721 const char *encoding_name
;
1722 } ec_encodings
[] = {
1723 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1724 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1727 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1729 const OSSL_PARAM
*p
;
1730 const char *enc_name
= NULL
;
1736 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1737 OSSL_PKEY_PARAM_EC_ENCODING
))
1738 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1741 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1742 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1743 *enc
= ec_encodings
[i
].encoding
;
1748 return (*enc
!= -1);
1751 static int test_EC_keygen_with_enc(int idx
)
1753 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1754 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1758 enc
= ec_encodings
[idx
].encoding
;
1760 /* Create key parameters */
1761 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1762 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
1763 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1764 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1765 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1766 || !TEST_ptr(params
))
1770 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1771 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1772 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1776 /* Check that the encoding got all the way into the key */
1777 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1778 ec_export_get_encoding_cb
, &enc
))
1779 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1785 EVP_PKEY_free(params
);
1786 EVP_PKEY_CTX_free(kctx
);
1787 EVP_PKEY_CTX_free(pctx
);
1792 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1794 static int test_EVP_SM2_verify(void)
1796 const char *pubkey
=
1797 "-----BEGIN PUBLIC KEY-----\n"
1798 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1799 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1800 "-----END PUBLIC KEY-----\n";
1802 const char *msg
= "message digest";
1803 const char *id
= "ALICE123@YAHOO.COM";
1805 const uint8_t signature
[] = {
1806 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1807 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1808 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1809 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1810 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1811 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1812 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1817 EVP_PKEY
*pkey
= NULL
;
1818 EVP_MD_CTX
*mctx
= NULL
;
1819 EVP_PKEY_CTX
*pctx
= NULL
;
1822 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1823 if (!TEST_true(bio
!= NULL
))
1826 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1827 if (!TEST_true(pkey
!= NULL
))
1830 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1833 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1836 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1839 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1841 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1844 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1847 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1850 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1853 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
)), 0))
1859 EVP_PKEY_free(pkey
);
1860 EVP_PKEY_CTX_free(pctx
);
1861 EVP_MD_CTX_free(mctx
);
1866 static int test_EVP_SM2(void)
1869 EVP_PKEY
*pkey
= NULL
;
1870 EVP_PKEY
*pkeyparams
= NULL
;
1871 EVP_PKEY_CTX
*pctx
= NULL
;
1872 EVP_PKEY_CTX
*kctx
= NULL
;
1873 EVP_PKEY_CTX
*sctx
= NULL
;
1875 unsigned char *sig
= NULL
;
1876 EVP_MD_CTX
*md_ctx
= NULL
;
1877 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1878 EVP_PKEY_CTX
*cctx
= NULL
;
1879 EVP_MD
*check_md
= NULL
;
1881 uint8_t ciphertext
[128];
1882 size_t ctext_len
= sizeof(ciphertext
);
1884 uint8_t plaintext
[8];
1885 size_t ptext_len
= sizeof(plaintext
);
1887 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1889 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1890 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1892 char mdname
[OSSL_MAX_NAME_SIZE
];
1894 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1898 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1901 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1904 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1907 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1908 pkeyparams
, testpropq
)))
1911 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0))
1914 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1917 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1920 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1923 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1926 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1927 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1929 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1932 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1935 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1938 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1941 /* Determine the size of the signature. */
1942 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1945 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1948 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1951 /* Ensure that the signature round-trips. */
1953 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1957 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1960 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1963 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1966 /* now check encryption/decryption */
1968 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1969 mdname
, sizeof(mdname
));
1970 for (i
= 0; i
< 2; i
++) {
1971 const char *mdnames
[] = {
1972 #ifndef OPENSSL_NO_SM3
1978 EVP_PKEY_CTX_free(cctx
);
1980 if (mdnames
[i
] == NULL
)
1984 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1985 (char *)mdnames
[i
], 0);
1987 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1991 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1994 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1997 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
2001 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
2004 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2007 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
2011 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
2015 * Test we're still using the digest we think we are.
2016 * Because of aliases, the easiest is to fetch the digest and
2017 * check the name with EVP_MD_is_a().
2019 EVP_MD_free(check_md
);
2020 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
2022 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
2023 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
2027 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
2030 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
2036 EVP_PKEY_CTX_free(pctx
);
2037 EVP_PKEY_CTX_free(kctx
);
2038 EVP_PKEY_CTX_free(sctx
);
2039 EVP_PKEY_CTX_free(cctx
);
2040 EVP_PKEY_free(pkey
);
2041 EVP_PKEY_free(pkeyparams
);
2042 EVP_MD_CTX_free(md_ctx
);
2043 EVP_MD_CTX_free(md_ctx_verify
);
2044 EVP_MD_free(check_md
);
2051 static struct keys_st
{
2057 EVP_PKEY_HMAC
, "0123456789", NULL
2060 EVP_PKEY_HMAC
, "", NULL
2061 #ifndef OPENSSL_NO_POLY1305
2063 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
2065 #ifndef OPENSSL_NO_SIPHASH
2067 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
2070 #ifndef OPENSSL_NO_EC
2072 EVP_PKEY_X25519
, "01234567890123456789012345678901",
2073 "abcdefghijklmnopqrstuvwxyzabcdef"
2075 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
2076 "abcdefghijklmnopqrstuvwxyzabcdef"
2079 "01234567890123456789012345678901234567890123456789012345",
2080 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2083 "012345678901234567890123456789012345678901234567890123456",
2084 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2089 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
2092 unsigned char buf
[80];
2094 size_t inlen
, len
= 0, shortlen
= 1;
2097 /* Check if this algorithm supports public keys */
2098 if (pub
&& keys
[tst
].pub
== NULL
)
2101 memset(buf
, 0, sizeof(buf
));
2104 #ifndef OPENSSL_NO_EC
2105 inlen
= strlen(keys
[tst
].pub
);
2106 in
= (unsigned char *)keys
[tst
].pub
;
2108 pkey
= EVP_PKEY_new_raw_public_key_ex(
2110 OBJ_nid2sn(keys
[tst
].type
),
2115 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2124 inlen
= strlen(keys
[tst
].priv
);
2125 in
= (unsigned char *)keys
[tst
].priv
;
2127 pkey
= EVP_PKEY_new_raw_private_key_ex(
2128 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2133 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2141 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2142 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2143 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2144 || !TEST_true(len
== inlen
))
2148 * Test that supplying a buffer that is too small fails. Doesn't apply
2149 * to HMAC with a zero length key
2151 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2153 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2157 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2158 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2159 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2164 EVP_PKEY_free(pkey
);
2168 static int test_set_get_raw_keys(int tst
)
2170 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2171 && test_set_get_raw_keys_int(tst
, 0, 1)
2172 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2173 && test_set_get_raw_keys_int(tst
, 1, 1);
2176 #ifndef OPENSSL_NO_DEPRECATED_3_0
2177 static int pkey_custom_check(EVP_PKEY
*pkey
)
2182 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2187 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2192 static EVP_PKEY_METHOD
*custom_pmeth
;
2195 static int test_EVP_PKEY_check(int i
)
2198 EVP_PKEY
*pkey
= NULL
;
2199 EVP_PKEY_CTX
*ctx
= NULL
;
2200 #ifndef OPENSSL_NO_DEPRECATED_3_0
2201 EVP_PKEY_CTX
*ctx2
= NULL
;
2203 const APK_DATA
*ak
= &keycheckdata
[i
];
2204 const unsigned char *input
= ak
->kder
;
2205 size_t input_len
= ak
->size
;
2206 int expected_id
= ak
->evptype
;
2207 int expected_check
= ak
->check
;
2208 int expected_pub_check
= ak
->pub_check
;
2209 int expected_param_check
= ak
->param_check
;
2210 int type
= ak
->type
;
2212 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2215 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2218 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2221 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2224 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2227 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2230 #ifndef OPENSSL_NO_DEPRECATED_3_0
2231 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2232 /* assign the pkey directly, as an internal test */
2233 EVP_PKEY_up_ref(pkey
);
2236 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2239 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2242 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2249 EVP_PKEY_CTX_free(ctx
);
2250 #ifndef OPENSSL_NO_DEPRECATED_3_0
2251 EVP_PKEY_CTX_free(ctx2
);
2253 EVP_PKEY_free(pkey
);
2257 #ifndef OPENSSL_NO_CMAC
2258 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2260 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2261 const char msg
[] = "Hello World";
2262 size_t maclen
= AES_BLOCK_SIZE
;
2265 if (!TEST_ptr(mdctx
)
2266 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2267 testpropq
, pkey
, NULL
))
2268 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2269 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2270 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2273 EVP_MD_CTX_free(mdctx
);
2277 static int test_CMAC_keygen(void)
2279 static unsigned char key
[] = {
2280 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2281 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2282 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2284 EVP_PKEY_CTX
*kctx
= NULL
;
2286 EVP_PKEY
*pkey
= NULL
;
2287 unsigned char mac
[AES_BLOCK_SIZE
];
2288 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2289 unsigned char mac2
[AES_BLOCK_SIZE
];
2292 if (nullprov
!= NULL
)
2293 return TEST_skip("Test does not support a non-default library context");
2296 * This is a legacy method for CMACs, but should still work.
2297 * This verifies that it works without an ENGINE.
2299 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2301 /* Test a CMAC key created using the "generated" method */
2302 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2303 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2304 EVP_PKEY_CTRL_CIPHER
,
2305 0, (void *)EVP_aes_256_ecb()), 0)
2306 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2307 EVP_PKEY_CTRL_SET_MAC_KEY
,
2308 sizeof(key
), (void *)key
), 0)
2309 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2311 || !TEST_true(get_cmac_val(pkey
, mac
)))
2314 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2315 EVP_PKEY_free(pkey
);
2318 * Test a CMAC key using the direct method, and compare with the mac
2321 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2323 || !TEST_true(get_cmac_val(pkey
, mac2
))
2324 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2331 EVP_PKEY_free(pkey
);
2332 EVP_PKEY_CTX_free(kctx
);
2337 static int test_HKDF(void)
2340 unsigned char out
[20];
2343 unsigned char salt
[] = "0123456789";
2344 unsigned char key
[] = "012345678901234567890123456789";
2345 unsigned char info
[] = "infostring";
2346 const unsigned char expected
[] = {
2347 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2348 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2350 size_t expectedlen
= sizeof(expected
);
2352 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2355 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2356 for (i
= 0; i
< 2; i
++) {
2357 outlen
= sizeof(out
);
2358 memset(out
, 0, outlen
);
2360 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2361 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2362 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2363 sizeof(salt
) - 1), 0)
2364 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2365 sizeof(key
) - 1), 0)
2366 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2367 sizeof(info
) - 1), 0)
2368 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2369 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2376 EVP_PKEY_CTX_free(pctx
);
2381 static int test_emptyikm_HKDF(void)
2384 unsigned char out
[20];
2387 unsigned char salt
[] = "9876543210";
2388 unsigned char key
[] = "";
2389 unsigned char info
[] = "stringinfo";
2390 const unsigned char expected
[] = {
2391 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2392 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2394 size_t expectedlen
= sizeof(expected
);
2396 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2399 outlen
= sizeof(out
);
2400 memset(out
, 0, outlen
);
2402 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2403 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2404 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2405 sizeof(salt
) - 1), 0)
2406 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2407 sizeof(key
) - 1), 0)
2408 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2409 sizeof(info
) - 1), 0)
2410 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2411 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2417 EVP_PKEY_CTX_free(pctx
);
2422 #ifndef OPENSSL_NO_EC
2423 static int test_X509_PUBKEY_inplace(void)
2426 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2427 const unsigned char *p
= kExampleECPubKeyDER
;
2428 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2432 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2435 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2438 p
= kExampleBadECPubKeyDER
;
2439 input_len
= sizeof(kExampleBadECPubKeyDER
);
2441 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2444 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2450 X509_PUBKEY_free(xp
);
2454 static int test_X509_PUBKEY_dup(void)
2457 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2458 const unsigned char *p
= kExampleECPubKeyDER
;
2459 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2461 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2463 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2464 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2465 || !TEST_ptr_ne(xp
, xq
))
2468 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2469 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2470 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2473 X509_PUBKEY_free(xq
);
2475 p
= kExampleBadECPubKeyDER
;
2476 input_len
= sizeof(kExampleBadECPubKeyDER
);
2478 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2479 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2482 X509_PUBKEY_free(xp
);
2484 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2490 X509_PUBKEY_free(xp
);
2491 X509_PUBKEY_free(xq
);
2494 #endif /* OPENSSL_NO_EC */
2496 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2497 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2499 EVP_MD_CTX
*mdctx
= NULL
;
2500 EVP_PKEY_CTX
*ctx
= NULL
;
2501 const OSSL_PARAM
*params
;
2502 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2505 char mdname
[OSSL_MAX_NAME_SIZE
];
2508 /* Initialise a sign operation */
2509 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2511 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2515 * We should be able to query the parameters now.
2517 params
= EVP_PKEY_CTX_settable_params(ctx
);
2518 if (!TEST_ptr(params
)
2519 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2520 OSSL_SIGNATURE_PARAM_DIGEST
)))
2523 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2524 if (!TEST_ptr(params
)
2525 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2526 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2527 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2528 OSSL_SIGNATURE_PARAM_DIGEST
)))
2532 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2533 * EVP_PKEY_CTX_get_params()
2535 strcpy(mdname
, "SHA512");
2537 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2539 *param
++ = OSSL_PARAM_construct_end();
2541 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2545 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2546 mdname
, sizeof(mdname
));
2547 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2548 || !TEST_str_eq(mdname
, "SHA512"))
2552 * Test the TEST_PKEY_CTX_set_signature_md() and
2553 * TEST_PKEY_CTX_get_signature_md() functions
2555 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2556 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2557 || !TEST_ptr_eq(md
, EVP_sha256()))
2561 * Test getting MD parameters via an associated EVP_PKEY_CTX
2563 mdctx
= EVP_MD_CTX_new();
2564 if (!TEST_ptr(mdctx
)
2565 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2570 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2571 * able to obtain the digest's settable parameters from the provider.
2573 params
= EVP_MD_CTX_settable_params(mdctx
);
2574 if (!TEST_ptr(params
)
2575 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2576 /* The final key should be NULL */
2577 || !TEST_ptr_null(params
[1].key
))
2581 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2582 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2583 ssl3ms
, sizeof(ssl3ms
));
2584 *param
++ = OSSL_PARAM_construct_end();
2586 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2592 EVP_MD_CTX_free(mdctx
);
2593 EVP_PKEY_CTX_free(ctx
);
2598 #ifndef OPENSSL_NO_DSA
2599 static int test_DSA_get_set_params(void)
2601 OSSL_PARAM_BLD
*bld
= NULL
;
2602 OSSL_PARAM
*params
= NULL
;
2603 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2604 EVP_PKEY_CTX
*pctx
= NULL
;
2605 EVP_PKEY
*pkey
= NULL
;
2609 * Setup the parameters for our DSA object. For our purposes they don't
2610 * have to actually be *valid* parameters. We just need to set something.
2612 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2613 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2614 || !TEST_ptr(p
= BN_new())
2615 || !TEST_ptr(q
= BN_new())
2616 || !TEST_ptr(g
= BN_new())
2617 || !TEST_ptr(pub
= BN_new())
2618 || !TEST_ptr(priv
= BN_new()))
2620 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2621 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2622 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2623 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2625 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2628 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2631 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2632 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2636 if (!TEST_ptr(pkey
))
2639 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2642 EVP_PKEY_free(pkey
);
2643 EVP_PKEY_CTX_free(pctx
);
2644 OSSL_PARAM_free(params
);
2645 OSSL_PARAM_BLD_free(bld
);
2656 * Test combinations of private, public, missing and private + public key
2657 * params to ensure they are all accepted
2659 static int test_DSA_priv_pub(void)
2661 return test_EVP_PKEY_ffc_priv_pub("DSA");
2664 #endif /* !OPENSSL_NO_DSA */
2666 static int test_RSA_get_set_params(void)
2668 OSSL_PARAM_BLD
*bld
= NULL
;
2669 OSSL_PARAM
*params
= NULL
;
2670 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2671 EVP_PKEY_CTX
*pctx
= NULL
;
2672 EVP_PKEY
*pkey
= NULL
;
2676 * Setup the parameters for our RSA object. For our purposes they don't
2677 * have to actually be *valid* parameters. We just need to set something.
2679 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2680 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2681 || !TEST_ptr(n
= BN_new())
2682 || !TEST_ptr(e
= BN_new())
2683 || !TEST_ptr(d
= BN_new()))
2685 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2686 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2687 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2689 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2697 if (!TEST_ptr(pkey
))
2700 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2703 EVP_PKEY_free(pkey
);
2704 EVP_PKEY_CTX_free(pctx
);
2705 OSSL_PARAM_free(params
);
2706 OSSL_PARAM_BLD_free(bld
);
2714 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2715 static int test_decrypt_null_chunks(void)
2717 EVP_CIPHER_CTX
* ctx
= NULL
;
2718 EVP_CIPHER
*cipher
= NULL
;
2719 const unsigned char key
[32] = {
2720 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2721 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2722 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2724 unsigned char iv
[12] = {
2725 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2727 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2728 unsigned char ciphertext
[80];
2729 unsigned char plaintext
[80];
2730 /* We initialise tmp to a non zero value on purpose */
2731 int ctlen
, ptlen
, tmp
= 99;
2733 const int enc_offset
= 10, dec_offset
= 20;
2735 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2736 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2737 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2739 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2741 /* Deliberate add a zero length update */
2742 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2744 || !TEST_int_eq(tmp
, 0)
2745 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2747 sizeof(msg
) - enc_offset
))
2748 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2749 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2750 || !TEST_int_eq(tmp
, 0))
2753 /* Deliberately initialise tmp to a non zero value */
2755 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2756 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2759 * Deliberately add a zero length update. We also deliberately do
2760 * this at a different offset than for encryption.
2762 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2764 || !TEST_int_eq(tmp
, 0)
2765 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2766 ciphertext
+ dec_offset
,
2767 ctlen
- dec_offset
))
2768 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2769 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2770 || !TEST_int_eq(tmp
, 0)
2771 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2776 EVP_CIPHER_CTX_free(ctx
);
2777 EVP_CIPHER_free(cipher
);
2780 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2782 #ifndef OPENSSL_NO_DH
2784 * Test combinations of private, public, missing and private + public key
2785 * params to ensure they are all accepted
2787 static int test_DH_priv_pub(void)
2789 return test_EVP_PKEY_ffc_priv_pub("DH");
2792 # ifndef OPENSSL_NO_DEPRECATED_3_0
2793 static int test_EVP_PKEY_set1_DH(void)
2795 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2796 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2798 BIGNUM
*p
, *g
= NULL
;
2799 BIGNUM
*pubkey
= NULL
;
2800 unsigned char pub
[2048 / 8];
2803 if (!TEST_ptr(p
= BN_new())
2804 || !TEST_ptr(g
= BN_new())
2805 || !TEST_ptr(pubkey
= BN_new())
2806 || !TEST_true(BN_set_word(p
, 9999))
2807 || !TEST_true(BN_set_word(g
, 2))
2808 || !TEST_true(BN_set_word(pubkey
, 4321))
2809 || !TEST_ptr(noqdh
= DH_new())
2810 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2811 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2812 || !TEST_ptr(pubkey
= BN_new())
2813 || !TEST_true(BN_set_word(pubkey
, 4321)))
2817 x942dh
= DH_get_2048_256();
2818 pkey1
= EVP_PKEY_new();
2819 pkey2
= EVP_PKEY_new();
2820 if (!TEST_ptr(x942dh
)
2824 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2828 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2829 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2832 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2834 || !TEST_ptr(pubkey
))
2837 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2838 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2841 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2842 OSSL_PKEY_PARAM_PUB_KEY
,
2843 pub
, sizeof(pub
), &len
))
2844 || !TEST_size_t_ne(len
, 0))
2852 EVP_PKEY_free(pkey1
);
2853 EVP_PKEY_free(pkey2
);
2859 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2860 #endif /* !OPENSSL_NO_DH */
2863 * We test what happens with an empty template. For the sake of this test,
2864 * the template must be ignored, and we know that's the case for RSA keys
2865 * (this might arguably be a misfeature, but that's what we currently do,
2866 * even in provider code, since that's how the legacy RSA implementation
2869 static int test_keygen_with_empty_template(int n
)
2871 EVP_PKEY_CTX
*ctx
= NULL
;
2872 EVP_PKEY
*pkey
= NULL
;
2873 EVP_PKEY
*tkey
= NULL
;
2876 if (nullprov
!= NULL
)
2877 return TEST_skip("Test does not support a non-default library context");
2881 /* We do test with no template at all as well */
2882 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2886 /* Here we create an empty RSA key that serves as our template */
2887 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2888 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2889 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2894 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2895 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2900 EVP_PKEY_CTX_free(ctx
);
2901 EVP_PKEY_free(pkey
);
2902 EVP_PKEY_free(tkey
);
2907 * Test that we fail if we attempt to use an algorithm that is not available
2908 * in the current library context (unless we are using an algorithm that
2909 * should be made available via legacy codepaths).
2914 static int test_pkey_ctx_fail_without_provider(int tst
)
2916 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2917 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2918 EVP_PKEY_CTX
*pctx
= NULL
;
2919 const char *keytype
= NULL
;
2920 int expect_null
= 0;
2923 if (!TEST_ptr(tmpctx
))
2926 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2927 if (!TEST_ptr(tmpnullprov
))
2931 * We check for certain algos in the null provider.
2932 * If an algo is expected to have a provider keymgmt, constructing an
2933 * EVP_PKEY_CTX is expected to fail (return NULL).
2934 * Otherwise, if it's expected to have legacy support, constructing an
2935 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2945 #ifdef OPENSSL_NO_EC
2946 TEST_info("EC disable, skipping SM2 check...");
2949 #ifdef OPENSSL_NO_SM2
2950 TEST_info("SM2 disable, skipping SM2 check...");
2955 TEST_error("No test for case %d", tst
);
2959 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2960 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2963 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2969 EVP_PKEY_CTX_free(pctx
);
2970 OSSL_PROVIDER_unload(tmpnullprov
);
2971 OSSL_LIB_CTX_free(tmpctx
);
2975 static int test_rand_agglomeration(void)
2979 OSSL_PARAM params
[3], *p
= params
;
2981 unsigned int step
= 7;
2982 static unsigned char seed
[] = "It does not matter how slowly you go "
2983 "as long as you do not stop.";
2984 unsigned char out
[sizeof(seed
)];
2986 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
2987 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
2989 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
2990 EVP_RAND_free(rand
);
2994 memset(out
, 0, sizeof(out
));
2995 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
2996 seed
, sizeof(seed
));
2997 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
2998 *p
= OSSL_PARAM_construct_end();
2999 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
3000 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
3001 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
3002 EVP_RAND_CTX_free(ctx
);
3007 * Test that we correctly return the original or "running" IV after
3008 * an encryption operation.
3009 * Run multiple times for some different relevant algorithms/modes.
3011 static int test_evp_iv_aes(int idx
)
3014 EVP_CIPHER_CTX
*ctx
= NULL
;
3015 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3016 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3017 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
3018 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3019 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3020 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3021 9, 10, 11, 12, 13, 14, 15, 16 };
3022 unsigned char ciphertext
[32], oiv
[16], iv
[16];
3023 unsigned char *ref_iv
;
3024 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3025 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3027 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3028 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3029 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3030 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3031 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3032 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3033 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3034 #ifndef OPENSSL_NO_OCB
3035 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3036 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3038 int len
= sizeof(ciphertext
);
3039 size_t ivlen
, ref_len
;
3040 const EVP_CIPHER
*type
= NULL
;
3043 if (nullprov
!= NULL
&& idx
< 6)
3044 return TEST_skip("Test does not support a non-default library context");
3048 type
= EVP_aes_128_cbc();
3051 type
= (type
!= NULL
) ? type
:
3052 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
3054 ref_len
= sizeof(cbc_state
);
3058 type
= EVP_aes_128_ofb();
3061 type
= (type
!= NULL
) ? type
:
3062 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
3064 ref_len
= sizeof(ofb_state
);
3068 type
= EVP_aes_128_cfb();
3071 type
= (type
!= NULL
) ? type
:
3072 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
3074 ref_len
= sizeof(cfb_state
);
3078 type
= EVP_aes_128_gcm();
3081 type
= (type
!= NULL
) ? type
:
3082 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
3084 ref_len
= sizeof(gcm_state
);
3087 type
= EVP_aes_128_ccm();
3090 type
= (type
!= NULL
) ? type
:
3091 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3093 ref_len
= sizeof(ccm_state
);
3095 #ifdef OPENSSL_NO_OCB
3101 type
= EVP_aes_128_ocb();
3104 type
= (type
!= NULL
) ? type
:
3105 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3107 ref_len
= sizeof(ocb_state
);
3115 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3116 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3117 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3119 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3120 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3121 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3123 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3124 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3125 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3128 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3129 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3130 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3133 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3136 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3142 EVP_CIPHER_CTX_free(ctx
);
3144 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3148 #ifndef OPENSSL_NO_DES
3149 static int test_evp_iv_des(int idx
)
3152 EVP_CIPHER_CTX
*ctx
= NULL
;
3153 static const unsigned char key
[24] = {
3154 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3155 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3156 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3158 static const unsigned char init_iv
[8] = {
3159 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3161 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3162 9, 10, 11, 12, 13, 14, 15, 16 };
3163 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3164 unsigned const char *ref_iv
;
3165 static const unsigned char cbc_state_des
[8] = {
3166 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3168 static const unsigned char cbc_state_3des
[8] = {
3169 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3171 static const unsigned char ofb_state_des
[8] = {
3172 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3174 static const unsigned char ofb_state_3des
[8] = {
3175 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3177 static const unsigned char cfb_state_des
[8] = {
3178 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3180 static const unsigned char cfb_state_3des
[8] = {
3181 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3183 int len
= sizeof(ciphertext
);
3184 size_t ivlen
, ref_len
;
3185 EVP_CIPHER
*type
= NULL
;
3187 if (lgcyprov
== NULL
&& idx
< 3)
3188 return TEST_skip("Test requires legacy provider to be loaded");
3192 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3193 ref_iv
= cbc_state_des
;
3194 ref_len
= sizeof(cbc_state_des
);
3197 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3198 ref_iv
= ofb_state_des
;
3199 ref_len
= sizeof(ofb_state_des
);
3202 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3203 ref_iv
= cfb_state_des
;
3204 ref_len
= sizeof(cfb_state_des
);
3207 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3208 ref_iv
= cbc_state_3des
;
3209 ref_len
= sizeof(cbc_state_3des
);
3212 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3213 ref_iv
= ofb_state_3des
;
3214 ref_len
= sizeof(ofb_state_3des
);
3217 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3218 ref_iv
= cfb_state_3des
;
3219 ref_len
= sizeof(cfb_state_3des
);
3226 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3227 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3228 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3230 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3231 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3232 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3234 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3235 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3236 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3239 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3240 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3242 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3247 EVP_CIPHER_CTX_free(ctx
);
3248 EVP_CIPHER_free(type
);
3253 #ifndef OPENSSL_NO_EC
3254 static int ecpub_nids
[] = {
3255 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3256 NID_secp384r1
, NID_secp521r1
,
3257 # ifndef OPENSSL_NO_EC2M
3258 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3259 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3261 NID_brainpoolP384r1
, NID_brainpoolP512r1
3264 static int test_ecpub(int idx
)
3266 int ret
= 0, len
, savelen
;
3268 unsigned char buf
[1024];
3270 EVP_PKEY
*pkey
= NULL
;
3271 EVP_PKEY_CTX
*ctx
= NULL
;
3272 # ifndef OPENSSL_NO_DEPRECATED_3_0
3273 const unsigned char *q
;
3274 EVP_PKEY
*pkey2
= NULL
;
3278 if (nullprov
!= NULL
)
3279 return TEST_skip("Test does not support a non-default library context");
3281 nid
= ecpub_nids
[idx
];
3283 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3285 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3286 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
3287 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3289 len
= i2d_PublicKey(pkey
, NULL
);
3291 if (!TEST_int_ge(len
, 1)
3292 || !TEST_int_lt(len
, 1024))
3295 len
= i2d_PublicKey(pkey
, &p
);
3296 if (!TEST_int_ge(len
, 1)
3297 || !TEST_int_eq(len
, savelen
))
3300 # ifndef OPENSSL_NO_DEPRECATED_3_0
3301 /* Now try to decode the just-created DER. */
3303 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3304 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3305 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3307 /* EC_KEY ownership transferred */
3309 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3311 /* The keys should match. */
3312 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3319 EVP_PKEY_CTX_free(ctx
);
3320 EVP_PKEY_free(pkey
);
3321 # ifndef OPENSSL_NO_DEPRECATED_3_0
3322 EVP_PKEY_free(pkey2
);
3329 static int test_EVP_rsa_pss_with_keygen_bits(void)
3332 EVP_PKEY_CTX
*ctx
= NULL
;
3333 EVP_PKEY
*pkey
= NULL
;
3336 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3338 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
3339 && TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3340 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3341 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
3342 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3345 EVP_PKEY_free(pkey
);
3346 EVP_PKEY_CTX_free(ctx
);
3350 static int test_EVP_rsa_pss_set_saltlen(void)
3353 EVP_PKEY
*pkey
= NULL
;
3354 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
3355 EVP_MD
*sha256
= NULL
;
3356 EVP_MD_CTX
*sha256_ctx
= NULL
;
3357 int saltlen
= 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3358 const int test_value
= 32;
3360 ret
= TEST_ptr(pkey
= load_example_rsa_key())
3361 && TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", NULL
))
3362 && TEST_ptr(sha256_ctx
= EVP_MD_CTX_new())
3363 && TEST_true(EVP_DigestSignInit(sha256_ctx
, &pkey_ctx
, sha256
, NULL
, pkey
))
3364 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx
, RSA_PKCS1_PSS_PADDING
))
3365 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx
, test_value
))
3366 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx
, &saltlen
))
3367 && TEST_int_eq(saltlen
, test_value
);
3369 EVP_MD_CTX_free(sha256_ctx
);
3370 EVP_PKEY_free(pkey
);
3371 EVP_MD_free(sha256
);
3376 static int success
= 1;
3377 static void md_names(const char *name
, void *vctx
)
3379 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3380 /* Force a namemap update */
3381 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3383 if (!TEST_ptr(aes128
))
3386 EVP_CIPHER_free(aes128
);
3390 * Test that changing the namemap in a user callback works in a names_do_all
3393 static int test_names_do_all(void)
3395 /* We use a custom libctx so that we know the state of the namemap */
3396 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3397 EVP_MD
*sha256
= NULL
;
3403 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3404 if (!TEST_ptr(sha256
))
3408 * We loop through all the names for a given digest. This should still work
3409 * even if the namemap changes part way through.
3411 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3414 if (!TEST_true(success
))
3419 EVP_MD_free(sha256
);
3420 OSSL_LIB_CTX_free(ctx
);
3426 const unsigned char *key
;
3427 const unsigned char *iv
;
3428 const unsigned char *input
;
3429 const unsigned char *expected
;
3430 const unsigned char *tag
;
3431 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3440 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3442 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3443 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3447 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3448 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3449 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3450 sizeof(gcmDefaultTag
), 1, 0, 1
3453 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3454 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3458 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3459 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3460 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3461 sizeof(gcmDefaultTag
), 0, 0, 1
3464 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3465 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3469 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3470 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3471 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3472 sizeof(gcmDefaultTag
), 1, 1, 0
3475 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3476 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3480 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3481 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3482 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3483 sizeof(gcmDefaultTag
), 0, 1, 0
3487 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3491 if (t
->ivlen
!= 0) {
3492 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
)))
3495 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3503 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3504 * arguments are given one at a time and a final adjustment to the enc
3505 * parameter sets the correct operation.
3507 static int test_evp_init_seq(int idx
)
3509 int outlen1
, outlen2
;
3511 unsigned char outbuf
[1024];
3512 unsigned char tag
[16];
3513 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3514 EVP_CIPHER_CTX
*ctx
= NULL
;
3515 EVP_CIPHER
*type
= NULL
;
3516 size_t taglen
= sizeof(tag
);
3517 char *errmsg
= NULL
;
3519 ctx
= EVP_CIPHER_CTX_new();
3521 errmsg
= "CTX_ALLOC";
3524 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3525 errmsg
= "CIPHER_FETCH";
3528 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3529 errmsg
= "EMPTY_ENC_INIT";
3532 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3536 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3537 errmsg
= "KEY_INIT (before iv)";
3540 if (!evp_init_seq_set_iv(ctx
, t
)) {
3544 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3545 errmsg
= "KEY_INIT (after iv)";
3548 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3549 errmsg
= "FINAL_ENC_INIT";
3552 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3553 errmsg
= "CIPHER_UPDATE";
3556 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3557 /* Set expected tag */
3558 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3559 t
->taglen
, (void *)t
->tag
))) {
3564 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3565 errmsg
= "CIPHER_FINAL";
3568 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3569 errmsg
= "WRONG_RESULT";
3572 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3573 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3577 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3578 errmsg
= "TAG_ERROR";
3585 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3586 EVP_CIPHER_CTX_free(ctx
);
3587 EVP_CIPHER_free(type
);
3592 const unsigned char *input
;
3593 const unsigned char *expected
;
3597 } EVP_RESET_TEST_st
;
3599 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3601 cfbPlaintext
, cfbCiphertext
,
3602 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3605 cfbCiphertext
, cfbPlaintext
,
3606 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3611 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3614 static int test_evp_reset(int idx
)
3616 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3617 int outlen1
, outlen2
;
3619 unsigned char outbuf
[1024];
3620 EVP_CIPHER_CTX
*ctx
= NULL
;
3621 EVP_CIPHER
*type
= NULL
;
3622 char *errmsg
= NULL
;
3624 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3625 errmsg
= "CTX_ALLOC";
3628 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3629 errmsg
= "CIPHER_FETCH";
3632 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3633 errmsg
= "CIPHER_INIT";
3636 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3640 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3641 errmsg
= "CIPHER_UPDATE";
3644 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3645 errmsg
= "CIPHER_FINAL";
3648 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3649 errmsg
= "WRONG_RESULT";
3652 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3653 errmsg
= "CIPHER_REINIT";
3656 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3657 errmsg
= "CIPHER_UPDATE (reinit)";
3660 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3661 errmsg
= "CIPHER_FINAL (reinit)";
3664 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3665 errmsg
= "WRONG_RESULT (reinit)";
3671 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3672 EVP_CIPHER_CTX_free(ctx
);
3673 EVP_CIPHER_free(type
);
3680 } EVP_UPDATED_IV_TEST_st
;
3682 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3722 * Test that the IV in the context is updated during a crypto operation for CFB
3725 static int test_evp_updated_iv(int idx
)
3727 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3728 int outlen1
, outlen2
;
3730 unsigned char outbuf
[1024];
3731 EVP_CIPHER_CTX
*ctx
= NULL
;
3732 EVP_CIPHER
*type
= NULL
;
3733 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3735 char *errmsg
= NULL
;
3737 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3738 errmsg
= "CTX_ALLOC";
3741 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3742 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3746 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3747 errmsg
= "CIPHER_INIT";
3750 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3754 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3755 errmsg
= "CIPHER_UPDATE";
3758 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3759 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3762 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3763 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3766 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3767 errmsg
= "IV_NOT_UPDATED";
3770 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3771 errmsg
= "CIPHER_FINAL";
3778 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3779 EVP_CIPHER_CTX_free(ctx
);
3780 EVP_CIPHER_free(type
);
3785 const unsigned char *iv1
;
3786 const unsigned char *iv2
;
3787 const unsigned char *expected1
;
3788 const unsigned char *expected2
;
3789 const unsigned char *tag1
;
3790 const unsigned char *tag2
;
3793 size_t expectedlen1
;
3794 size_t expectedlen2
;
3795 } TEST_GCM_IV_REINIT_st
;
3797 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3799 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3800 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3801 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3804 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3805 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3806 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3810 static int test_gcm_reinit(int idx
)
3812 int outlen1
, outlen2
, outlen3
;
3814 unsigned char outbuf
[1024];
3815 unsigned char tag
[16];
3816 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3817 EVP_CIPHER_CTX
*ctx
= NULL
;
3818 EVP_CIPHER
*type
= NULL
;
3819 size_t taglen
= sizeof(tag
);
3820 char *errmsg
= NULL
;
3822 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3823 errmsg
= "CTX_ALLOC";
3826 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3827 errmsg
= "CIPHER_FETCH";
3830 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3831 errmsg
= "ENC_INIT";
3834 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
))) {
3835 errmsg
= "SET_IVLEN1";
3838 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3842 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3846 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3847 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3848 sizeof(gcmResetPlaintext
)))) {
3849 errmsg
= "CIPHER_UPDATE1";
3852 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3853 errmsg
= "CIPHER_FINAL1";
3856 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3857 errmsg
= "WRONG_RESULT1";
3860 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3861 errmsg
= "GET_TAG1";
3864 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3865 errmsg
= "TAG_ERROR1";
3869 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
))) {
3870 errmsg
= "SET_IVLEN2";
3873 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3877 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3881 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3882 sizeof(gcmResetPlaintext
)))) {
3883 errmsg
= "CIPHER_UPDATE2";
3886 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3887 errmsg
= "CIPHER_FINAL2";
3890 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3891 errmsg
= "WRONG_RESULT2";
3894 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3895 errmsg
= "GET_TAG2";
3898 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3899 errmsg
= "TAG_ERROR2";
3905 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3906 EVP_CIPHER_CTX_free(ctx
);
3907 EVP_CIPHER_free(type
);
3911 #ifndef OPENSSL_NO_DEPRECATED_3_0
3912 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3913 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3915 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3917 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3919 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3921 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3925 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3927 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3929 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3933 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
3934 size_t *outlen
, const unsigned char *in
,
3937 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3938 const unsigned char *tbs
, size_t tbslen
);
3940 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
3941 return psign(ctx
, out
, outlen
, in
, inlen
);
3944 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
3945 size_t *siglen
, const unsigned char *tbs
,
3948 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3949 const unsigned char *tbs
, size_t tbslen
);
3951 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
3952 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
3955 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
3958 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
3960 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
3961 return pderive(ctx
, key
, keylen
);
3964 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
3966 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
3968 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
3969 return pcopy(dst
, src
);
3972 static int ctrl_called
;
3974 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
3976 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
3978 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
3980 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
3985 return pctrl(ctx
, type
, p1
, p2
);
3988 static int test_custom_pmeth(int idx
)
3990 EVP_PKEY_CTX
*pctx
= NULL
;
3991 EVP_MD_CTX
*ctx
= NULL
;
3992 EVP_PKEY
*pkey
= NULL
;
3993 int id
, orig_id
, orig_flags
;
3996 unsigned char *res
= NULL
;
3997 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
3998 const EVP_MD
*md
= EVP_sha256();
4003 /* We call deprecated APIs so this test doesn't support a custom libctx */
4004 if (testctx
!= NULL
)
4011 pkey
= load_example_rsa_key();
4015 # ifndef OPENSSL_NO_DSA
4017 pkey
= load_example_dsa_key();
4024 # ifndef OPENSSL_NO_EC
4026 pkey
= load_example_ec_key();
4033 # ifndef OPENSSL_NO_EC
4034 id
= EVP_PKEY_ED25519
;
4036 pkey
= load_example_ed25519_key();
4043 # ifndef OPENSSL_NO_DH
4046 pkey
= load_example_dh_key();
4053 # ifndef OPENSSL_NO_EC
4054 id
= EVP_PKEY_X25519
;
4056 pkey
= load_example_x25519_key();
4062 TEST_error("Should not happen");
4066 if (!TEST_ptr(pkey
))
4070 if (!TEST_true(evp_pkey_is_provided(pkey
)))
4073 EVP_PKEY
*tmp
= pkey
;
4075 /* Convert to a legacy key */
4076 pkey
= EVP_PKEY_new();
4077 if (!TEST_ptr(pkey
)) {
4081 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
4086 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
4090 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
4094 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
4095 if (!TEST_int_eq(orig_id
, id
)
4096 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
4099 if (id
== EVP_PKEY_ED25519
) {
4100 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
4101 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
4102 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
4104 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
4106 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
4107 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
4108 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
4109 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
4111 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
4112 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
4116 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
4118 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4119 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4120 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4122 || !TEST_int_eq(ctrl_called
, 1)
4123 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4124 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4125 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4126 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4129 ctx
= EVP_MD_CTX_new();
4130 reslen
= EVP_PKEY_size(pkey
);
4131 res
= OPENSSL_malloc(reslen
);
4134 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4135 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4136 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4138 || !TEST_int_eq(ctrl_called
, 1))
4141 if (id
== EVP_PKEY_ED25519
) {
4142 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4145 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4146 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4154 EVP_MD_CTX_free(ctx
);
4156 EVP_PKEY_CTX_free(pctx
);
4157 EVP_PKEY_free(pkey
);
4158 EVP_PKEY_meth_remove(custom_pmeth
);
4159 EVP_PKEY_meth_free(custom_pmeth
);
4160 custom_pmeth
= NULL
;
4164 static int test_evp_md_cipher_meth(void)
4166 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4167 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4170 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4176 EVP_MD_meth_free(md
);
4177 EVP_CIPHER_meth_free(ciph
);
4182 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4183 /* Test we can create a signature keys with an associated ENGINE */
4184 static int test_signatures_with_engine(int tst
)
4187 const char *engine_id
= "dasync";
4188 EVP_PKEY
*pkey
= NULL
;
4189 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4190 const unsigned char cmackey
[] = {
4191 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4192 0x0c, 0x0d, 0x0e, 0x0f
4194 const unsigned char ed25519key
[] = {
4195 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4196 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4197 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4199 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4201 EVP_MD_CTX
*ctx
= NULL
;
4202 unsigned char *mac
= NULL
;
4206 # ifdef OPENSSL_NO_CMAC
4207 /* Skip CMAC tests in a no-cmac build */
4212 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4215 if (!TEST_true(ENGINE_init(e
))) {
4222 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4226 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4230 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4231 sizeof(ed25519key
));
4234 TEST_error("Invalid test case");
4237 if (!TEST_ptr(pkey
))
4240 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4243 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4246 if (!TEST_true(ret
))
4249 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4250 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4253 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4256 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4259 /* We used a bad key. We expect a failure here */
4260 if (!TEST_false(ret
))
4266 EVP_MD_CTX_free(ctx
);
4268 EVP_PKEY_free(pkey
);
4275 static int test_cipher_with_engine(void)
4278 const char *engine_id
= "dasync";
4279 const unsigned char keyiv
[] = {
4280 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4281 0x0c, 0x0d, 0x0e, 0x0f
4283 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4285 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4286 unsigned char buf
[AES_BLOCK_SIZE
];
4289 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4292 if (!TEST_true(ENGINE_init(e
))) {
4297 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4298 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4301 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4304 /* Copy the ctx, and complete the operation with the new ctx */
4305 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4308 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4309 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4314 EVP_CIPHER_CTX_free(ctx
);
4315 EVP_CIPHER_CTX_free(ctx2
);
4321 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4322 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4324 static int ecxnids
[] = {
4331 /* Test that creating ECX keys with a short private key fails as expected */
4332 static int test_ecx_short_keys(int tst
)
4334 unsigned char ecxkeydata
= 1;
4338 pkey
= EVP_PKEY_new_raw_private_key(ecxnids
[tst
], NULL
, &ecxkeydata
, 1);
4339 if (!TEST_ptr_null(pkey
)) {
4340 EVP_PKEY_free(pkey
);
4346 typedef enum OPTION_choice
{
4353 const OPTIONS
*test_get_options(void)
4355 static const OPTIONS options
[] = {
4356 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4357 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4363 int setup_tests(void)
4367 while ((o
= opt_next()) != OPT_EOF
) {
4370 /* Set up an alternate library context */
4371 testctx
= OSSL_LIB_CTX_new();
4372 if (!TEST_ptr(testctx
))
4374 /* Swap the libctx to test non-default context only */
4375 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4376 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4377 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4379 case OPT_TEST_CASES
:
4386 ADD_TEST(test_EVP_set_default_properties
);
4387 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
4388 ADD_TEST(test_EVP_DigestVerifyInit
);
4389 #ifndef OPENSSL_NO_SIPHASH
4390 ADD_TEST(test_siphash_digestsign
);
4392 ADD_TEST(test_EVP_Digest
);
4393 ADD_TEST(test_EVP_md_null
);
4394 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4395 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4396 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4397 ADD_TEST(test_privatekey_to_pkcs8
);
4398 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4399 #ifndef OPENSSL_NO_EC
4400 ADD_TEST(test_EVP_PKCS82PKEY
);
4402 #ifndef OPENSSL_NO_EC
4403 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4405 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4406 ADD_TEST(test_EVP_SM2
);
4407 ADD_TEST(test_EVP_SM2_verify
);
4409 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4410 #ifndef OPENSSL_NO_DEPRECATED_3_0
4411 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4412 if (!TEST_ptr(custom_pmeth
))
4414 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4415 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4416 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4417 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4420 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4421 #ifndef OPENSSL_NO_CMAC
4422 ADD_TEST(test_CMAC_keygen
);
4424 ADD_TEST(test_HKDF
);
4425 ADD_TEST(test_emptyikm_HKDF
);
4426 #ifndef OPENSSL_NO_EC
4427 ADD_TEST(test_X509_PUBKEY_inplace
);
4428 ADD_TEST(test_X509_PUBKEY_dup
);
4429 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4430 OSSL_NELEM(ec_der_pub_keys
));
4432 #ifndef OPENSSL_NO_DSA
4433 ADD_TEST(test_DSA_get_set_params
);
4434 ADD_TEST(test_DSA_priv_pub
);
4436 ADD_TEST(test_RSA_get_set_params
);
4437 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4438 ADD_TEST(test_decrypt_null_chunks
);
4440 #ifndef OPENSSL_NO_DH
4441 ADD_TEST(test_DH_priv_pub
);
4442 # ifndef OPENSSL_NO_DEPRECATED_3_0
4443 ADD_TEST(test_EVP_PKEY_set1_DH
);
4446 #ifndef OPENSSL_NO_EC
4447 ADD_TEST(test_EC_priv_pub
);
4448 # ifndef OPENSSL_NO_DEPRECATED_3_0
4449 ADD_TEST(test_EC_priv_only_legacy
);
4452 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4453 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4455 ADD_TEST(test_rand_agglomeration
);
4456 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4457 #ifndef OPENSSL_NO_DES
4458 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4460 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4461 ADD_TEST(test_EVP_rsa_pss_set_saltlen
);
4462 #ifndef OPENSSL_NO_EC
4463 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4466 ADD_TEST(test_names_do_all
);
4468 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4469 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4470 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4471 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4473 #ifndef OPENSSL_NO_DEPRECATED_3_0
4474 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4475 ADD_TEST(test_evp_md_cipher_meth
);
4477 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4478 /* Tests only support the default libctx */
4479 if (testctx
== NULL
) {
4480 # ifndef OPENSSL_NO_EC
4481 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4483 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4485 ADD_TEST(test_cipher_with_engine
);
4490 ADD_ALL_TESTS(test_ecx_short_keys
, OSSL_NELEM(ecxnids
));
4495 void cleanup_tests(void)
4497 OSSL_PROVIDER_unload(nullprov
);
4498 OSSL_PROVIDER_unload(deflprov
);
4499 OSSL_PROVIDER_unload(lgcyprov
);
4500 OSSL_LIB_CTX_free(testctx
);