2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
40 static OSSL_LIB_CTX
*testctx
= NULL
;
41 static char *testpropq
= NULL
;
43 static OSSL_PROVIDER
*nullprov
= NULL
;
44 static OSSL_PROVIDER
*deflprov
= NULL
;
45 static OSSL_PROVIDER
*lgcyprov
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 static const unsigned char kExampleED25519KeyDER
[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
397 static const unsigned char kExampleED25519PubKeyDER
[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER
[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER
[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
447 static const unsigned char kCFBDefaultKey
[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
452 static const unsigned char kGCMDefaultKey
[32] = { 0 };
454 static const unsigned char kGCMResetKey
[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
460 static const unsigned char iCFBIV
[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
465 static const unsigned char iGCMDefaultIV
[12] = { 0 };
467 static const unsigned char iGCMResetIV1
[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
471 static const unsigned char iGCMResetIV2
[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
475 static const unsigned char cfbPlaintext
[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
480 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
482 static const unsigned char gcmResetPlaintext
[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
490 static const unsigned char cfbCiphertext
[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
495 static const unsigned char gcmDefaultCiphertext
[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
500 static const unsigned char gcmResetCiphertext1
[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
508 static const unsigned char gcmResetCiphertext2
[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
516 static const unsigned char gcmAAD
[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
521 static const unsigned char gcmDefaultTag
[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
526 static const unsigned char gcmResetTag1
[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
531 static const unsigned char gcmResetTag2
[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
536 typedef struct APK_DATA_st
{
537 const unsigned char *kder
;
544 int type
; /* 0 for private, 1 for public, 2 for params */
547 static APK_DATA keydata
[] = {
548 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
549 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
555 static APK_DATA keycheckdata
[] = {
556 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
558 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
565 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
567 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
568 EVP_PKEY_ED25519
, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
570 EVP_PKEY_ED25519
, 0, 1, 1, 1},
574 static EVP_PKEY
*load_example_key(const char *keytype
,
575 const unsigned char *data
, size_t data_len
)
577 const unsigned char **pdata
= &data
;
578 EVP_PKEY
*pkey
= NULL
;
579 OSSL_DECODER_CTX
*dctx
=
580 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
585 OSSL_DECODER_CTX_free(dctx
);
589 static EVP_PKEY
*load_example_rsa_key(void)
591 return load_example_key("RSA", kExampleRSAKeyDER
,
592 sizeof(kExampleRSAKeyDER
));
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY
*load_example_dsa_key(void)
598 return load_example_key("DSA", kExampleDSAKeyDER
,
599 sizeof(kExampleDSAKeyDER
));
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY
*load_example_ec_key(void)
606 return load_example_key("EC", kExampleECKeyDER
,
607 sizeof(kExampleECKeyDER
));
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY
*load_example_dh_key(void)
615 return load_example_key("DH", kExampleDHKeyDER
,
616 sizeof(kExampleDHKeyDER
));
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ed25519_key(void)
623 return load_example_key("ED25519", kExampleED25519KeyDER
,
624 sizeof(kExampleED25519KeyDER
));
627 static EVP_PKEY
*load_example_x25519_key(void)
629 return load_example_key("X25519", kExampleX25519KeyDER
,
630 sizeof(kExampleX25519KeyDER
));
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
635 static EVP_PKEY
*load_example_hmac_key(void)
637 EVP_PKEY
*pkey
= NULL
;
638 unsigned char key
[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
644 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
645 NULL
, key
, sizeof(key
));
652 static int test_EVP_set_default_properties(void)
658 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
659 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
664 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
665 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
666 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
671 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
672 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
677 OSSL_LIB_CTX_free(ctx
);
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static int test_fromdata(char *keytype
, int selection
, OSSL_PARAM
*params
)
684 EVP_PKEY_CTX
*pctx
= NULL
;
685 EVP_PKEY
*pkey
= NULL
;
688 BIO
*bio
= BIO_new(BIO_s_mem());
690 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
692 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
693 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
700 /* Check we can use the resulting key */
701 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
702 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
706 if (!TEST_false(ret
))
709 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
711 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
715 if (!TEST_false(ret
))
722 EVP_PKEY_CTX_free(pctx
);
727 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
730 * Test combinations of private, public, missing and private + public key
731 * params to ensure they are all accepted
733 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
734 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
736 OSSL_PARAM_BLD
*bld
= NULL
;
737 OSSL_PARAM
*params
= NULL
;
738 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
742 * Setup the parameters for our pkey object. For our purposes they don't
743 * have to actually be *valid* parameters. We just need to set something.
745 if (!TEST_ptr(p
= BN_new())
746 || !TEST_ptr(q
= BN_new())
747 || !TEST_ptr(g
= BN_new())
748 || !TEST_ptr(pub
= BN_new())
749 || !TEST_ptr(priv
= BN_new()))
752 /* Test !priv and !pub */
753 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
754 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
755 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
756 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
758 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
761 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
763 OSSL_PARAM_free(params
);
765 OSSL_PARAM_BLD_free(bld
);
767 /* Test priv and !pub */
768 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
769 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
770 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
771 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
772 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
775 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
778 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
, params
))
780 OSSL_PARAM_free(params
);
782 OSSL_PARAM_BLD_free(bld
);
784 /* Test !priv and pub */
785 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
789 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
792 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
795 if (!test_fromdata(keytype
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
, params
))
797 OSSL_PARAM_free(params
);
799 OSSL_PARAM_BLD_free(bld
);
801 /* Test priv and pub */
802 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
811 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
814 if (!test_fromdata(keytype
, EVP_PKEY_KEYPAIR
, params
))
819 OSSL_PARAM_free(params
);
820 OSSL_PARAM_BLD_free(bld
);
829 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
832 * Test combinations of private, public, missing and private + public key
833 * params to ensure they are all accepted for EC keys
835 #ifndef OPENSSL_NO_EC
836 static unsigned char ec_priv
[] = {
837 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
838 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
839 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
841 static unsigned char ec_pub
[] = {
842 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
843 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
844 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
845 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
846 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
847 0x08, 0x09, 0xb8, 0xdb, 0x03
850 static int test_EC_priv_pub(void)
852 OSSL_PARAM_BLD
*bld
= NULL
;
853 OSSL_PARAM
*params
= NULL
;
858 * Setup the parameters for our pkey object. For our purposes they don't
859 * have to actually be *valid* parameters. We just need to set something.
861 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
864 /* Test !priv and !pub */
865 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
866 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
867 OSSL_PKEY_PARAM_GROUP_NAME
,
870 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
873 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
875 OSSL_PARAM_free(params
);
877 OSSL_PARAM_BLD_free(bld
);
879 /* Test priv and !pub */
880 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
881 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
882 OSSL_PKEY_PARAM_GROUP_NAME
,
884 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
887 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
891 * We indicate only parameters here. The "EVP_PKEY_fromdata" call will do
892 * the private key anyway, but the subsequent PEM_write_bio_PrivateKey_ex
893 * call is expected to fail because PEM_write_bio_PrivateKey_ex does not
894 * support exporting a private EC key without a corresponding public key
896 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
, params
))
898 OSSL_PARAM_free(params
);
900 OSSL_PARAM_BLD_free(bld
);
902 /* Test !priv and pub */
903 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
904 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
905 OSSL_PKEY_PARAM_GROUP_NAME
,
907 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
908 OSSL_PKEY_PARAM_PUB_KEY
,
909 ec_pub
, sizeof(ec_pub
))))
911 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
914 if (!test_fromdata("EC", OSSL_KEYMGMT_SELECT_PUBLIC_KEY
, params
))
916 OSSL_PARAM_free(params
);
918 OSSL_PARAM_BLD_free(bld
);
920 /* Test priv and pub */
921 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
922 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
923 OSSL_PKEY_PARAM_GROUP_NAME
,
925 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
926 OSSL_PKEY_PARAM_PUB_KEY
,
927 ec_pub
, sizeof(ec_pub
)))
928 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
931 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
934 if (!test_fromdata("EC", EVP_PKEY_KEYPAIR
, params
))
939 OSSL_PARAM_free(params
);
940 OSSL_PARAM_BLD_free(bld
);
946 /* Test that using a legacy EC key with only a private key in it works */
947 # ifndef OPENSSL_NO_DEPRECATED_3_0
948 static int test_EC_priv_only_legacy(void)
952 EC_KEY
*eckey
= NULL
;
953 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
954 EVP_MD_CTX
*ctx
= NULL
;
956 /* Create the low level EC_KEY */
957 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
960 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
961 if (!TEST_ptr(eckey
))
964 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
967 pkey
= EVP_PKEY_new();
971 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
975 while (dup_pk
== NULL
) {
977 ctx
= EVP_MD_CTX_new();
982 * The EVP_DigestSignInit function should create the key on the
983 * provider side which is sufficient for this test.
985 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
986 testpropq
, pkey
, NULL
)))
988 EVP_MD_CTX_free(ctx
);
991 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
993 /* EVP_PKEY_eq() returns -2 with missing public keys */
994 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1002 EVP_MD_CTX_free(ctx
);
1003 EVP_PKEY_free(pkey
);
1009 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1010 #endif /* OPENSSL_NO_EC */
1012 static int test_EVP_PKEY_sign(int tst
)
1015 EVP_PKEY
*pkey
= NULL
;
1016 unsigned char *sig
= NULL
;
1017 size_t sig_len
= 0, shortsig_len
= 1;
1018 EVP_PKEY_CTX
*ctx
= NULL
;
1019 unsigned char tbs
[] = {
1020 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1021 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1025 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1027 } else if (tst
== 1) {
1028 #ifndef OPENSSL_NO_DSA
1029 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1036 #ifndef OPENSSL_NO_EC
1037 if (!TEST_ptr(pkey
= load_example_ec_key()))
1045 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1047 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1048 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1051 sig
= OPENSSL_malloc(sig_len
);
1053 /* Test sending a signature buffer that is too short is rejected */
1054 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1056 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1058 /* Test the signature round-trips */
1059 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1060 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1066 EVP_PKEY_CTX_free(ctx
);
1068 EVP_PKEY_free(pkey
);
1073 * n = 0 => test using legacy cipher
1074 * n = 1 => test using fetched cipher
1076 static int test_EVP_Enveloped(int n
)
1079 EVP_CIPHER_CTX
*ctx
= NULL
;
1080 EVP_PKEY
*keypair
= NULL
;
1081 unsigned char *kek
= NULL
;
1082 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1083 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1084 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1085 unsigned char ciphertext
[32], plaintext
[16];
1086 EVP_CIPHER
*type
= NULL
;
1088 if (nullprov
!= NULL
)
1089 return TEST_skip("Test does not support a non-default library context");
1092 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1093 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1097 if (!TEST_ptr(keypair
= load_example_rsa_key())
1098 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1099 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1100 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1102 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1104 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1108 ciphertext_len
+= len
;
1110 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1111 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1112 ciphertext
, ciphertext_len
))
1113 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1116 plaintext_len
+= len
;
1117 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1123 EVP_CIPHER_free(type
);
1125 EVP_PKEY_free(keypair
);
1126 EVP_CIPHER_CTX_free(ctx
);
1131 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1132 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1133 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1134 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1135 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1136 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1137 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1138 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1139 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1140 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1141 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1142 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1143 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1144 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1145 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1147 static int test_EVP_DigestSignInit(int tst
)
1150 EVP_PKEY
*pkey
= NULL
;
1151 unsigned char *sig
= NULL
, *sig2
= NULL
;
1152 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1153 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1154 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1155 BIO
*mdbio
= NULL
, *membio
= NULL
;
1158 EVP_MD
*mdexp
= NULL
;
1160 if (nullprov
!= NULL
)
1161 return TEST_skip("Test does not support a non-default library context");
1163 if (tst
>= 6 && tst
<= 8) {
1164 membio
= BIO_new(BIO_s_mem());
1165 mdbio
= BIO_new(BIO_f_md());
1166 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1168 BIO_push(mdbio
, membio
);
1169 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1172 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1173 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1178 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1180 } else if (tst
% 3 == 1) {
1181 #ifndef OPENSSL_NO_DSA
1182 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1189 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1193 if (tst
>= 3 && tst
<= 5)
1194 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1198 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1201 if (tst
>= 6 && tst
<= 8) {
1202 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1204 } else if (tst
< 6) {
1205 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1210 /* Determine the size of the signature. */
1211 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1213 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1216 /* Test that supply a short sig buffer fails */
1217 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1221 * We end here because once EVP_DigestSign() has failed you should
1222 * not call it again without re-initing the ctx
1227 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1231 /* Determine the size of the signature. */
1232 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1233 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1235 * Trying to create a signature with a deliberately short
1236 * buffer should fail.
1238 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1239 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1244 * Ensure that the signature round-trips (Verification isn't supported for
1245 * HMAC via EVP_DigestVerify*)
1248 if (tst
>= 6 && tst
<= 8) {
1249 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1250 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1254 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1258 if (tst
>= 6 && tst
<= 8) {
1259 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1262 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1266 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1269 /* Multiple calls to EVP_DigestVerifyFinal should work */
1270 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1274 * For HMAC a doubled call to DigestSignFinal should produce the same
1275 * value as finalization should not happen.
1277 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1278 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1279 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1282 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1291 EVP_MD_CTX_free(a_md_ctx
);
1292 EVP_MD_CTX_free(a_md_ctx_verify
);
1293 EVP_PKEY_free(pkey
);
1301 static int test_EVP_DigestVerifyInit(void)
1304 EVP_PKEY
*pkey
= NULL
;
1305 EVP_MD_CTX
*md_ctx
= NULL
;
1307 if (nullprov
!= NULL
)
1308 return TEST_skip("Test does not support a non-default library context");
1310 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1311 || !TEST_ptr(pkey
= load_example_rsa_key()))
1314 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1315 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1316 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1317 sizeof(kSignature
))))
1322 EVP_MD_CTX_free(md_ctx
);
1323 EVP_PKEY_free(pkey
);
1328 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1330 static int test_EVP_Digest(void)
1333 EVP_MD_CTX
*md_ctx
= NULL
;
1334 unsigned char md
[EVP_MAX_MD_SIZE
];
1335 EVP_MD
*sha256
= NULL
;
1336 EVP_MD
*shake256
= NULL
;
1338 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1341 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1342 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1345 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1346 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1347 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1348 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1349 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1352 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1353 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1354 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1355 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1356 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1358 * EVP_DigestInit_ex with NULL type should work on
1359 * pre-initialized context.
1361 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1364 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1365 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1366 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1367 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1368 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1369 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1374 EVP_MD_CTX_free(md_ctx
);
1375 EVP_MD_free(sha256
);
1376 EVP_MD_free(shake256
);
1380 static int test_d2i_AutoPrivateKey(int i
)
1383 const unsigned char *p
;
1384 EVP_PKEY
*pkey
= NULL
;
1385 const APK_DATA
*ak
= &keydata
[i
];
1386 const unsigned char *input
= ak
->kder
;
1387 size_t input_len
= ak
->size
;
1388 int expected_id
= ak
->evptype
;
1391 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1392 || !TEST_ptr_eq(p
, input
+ input_len
)
1393 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1399 EVP_PKEY_free(pkey
);
1403 #ifndef OPENSSL_NO_EC
1405 static const unsigned char ec_public_sect163k1_validxy
[] = {
1406 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1407 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1408 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1409 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1410 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1411 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1414 static const unsigned char ec_public_sect163k1_badx
[] = {
1415 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1416 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1417 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1418 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1419 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1420 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1423 static const unsigned char ec_public_sect163k1_bady
[] = {
1424 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1425 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1426 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1427 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1428 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1429 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1432 static struct ec_der_pub_keys_st
{
1433 const unsigned char *der
;
1436 } ec_der_pub_keys
[] = {
1437 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1438 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1439 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1443 * Tests the range of the decoded EC char2 public point.
1444 * See ec_GF2m_simple_oct2point().
1446 static int test_invalide_ec_char2_pub_range_decode(int id
)
1451 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1452 ec_der_pub_keys
[id
].len
);
1454 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1455 || TEST_ptr_null(pkey
);
1456 EVP_PKEY_free(pkey
);
1460 /* Tests loading a bad key in PKCS8 format */
1461 static int test_EVP_PKCS82PKEY(void)
1464 const unsigned char *derp
= kExampleBadECKeyDER
;
1465 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1466 EVP_PKEY
*pkey
= NULL
;
1468 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1469 sizeof(kExampleBadECKeyDER
))))
1472 if (!TEST_ptr_eq(derp
,
1473 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1476 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1482 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1483 EVP_PKEY_free(pkey
);
1489 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1491 EVP_PKEY
*pkey
= NULL
;
1492 EVP_PKEY
*pkey2
= NULL
;
1494 char *membuf
= NULL
;
1495 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1498 if (testctx
!= NULL
)
1499 /* test not supported with non-default context */
1502 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1503 || !TEST_ptr(pkey
= load_example_rsa_key())
1504 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1505 NULL
, 0, NULL
, NULL
),
1507 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1508 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1509 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1510 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1516 EVP_PKEY_free(pkey
);
1517 EVP_PKEY_free(pkey2
);
1518 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1519 BIO_free_all(membio
);
1523 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1524 static int test_privatekey_to_pkcs8(void)
1526 EVP_PKEY
*pkey
= NULL
;
1528 char *membuf
= NULL
;
1529 long membuf_len
= 0;
1532 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1533 || !TEST_ptr(pkey
= load_example_rsa_key())
1534 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1535 NULL
, 0, NULL
, NULL
),
1537 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1538 || !TEST_ptr(membuf
)
1539 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1540 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1542 * We try to write PEM as well, just to see that it doesn't err, but
1543 * assume that the result is correct.
1545 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1546 NULL
, 0, NULL
, NULL
),
1552 EVP_PKEY_free(pkey
);
1553 BIO_free_all(membio
);
1557 #ifndef OPENSSL_NO_EC
1558 static const struct {
1560 const char *encoding_name
;
1561 } ec_encodings
[] = {
1562 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1563 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1566 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1568 const OSSL_PARAM
*p
;
1569 const char *enc_name
= NULL
;
1575 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1576 OSSL_PKEY_PARAM_EC_ENCODING
))
1577 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1580 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1581 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1582 *enc
= ec_encodings
[i
].encoding
;
1587 return (*enc
!= -1);
1590 static int test_EC_keygen_with_enc(int idx
)
1592 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1593 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1597 enc
= ec_encodings
[idx
].encoding
;
1599 /* Create key parameters */
1600 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1601 || !TEST_true(EVP_PKEY_paramgen_init(pctx
))
1602 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1603 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1604 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1605 || !TEST_ptr(params
))
1609 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1610 || !TEST_true(EVP_PKEY_keygen_init(kctx
))
1611 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1615 /* Check that the encoding got all the way into the key */
1616 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1617 ec_export_get_encoding_cb
, &enc
))
1618 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1624 EVP_PKEY_free(params
);
1625 EVP_PKEY_CTX_free(kctx
);
1626 EVP_PKEY_CTX_free(pctx
);
1631 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1633 static int test_EVP_SM2_verify(void)
1635 const char *pubkey
=
1636 "-----BEGIN PUBLIC KEY-----\n"
1637 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1638 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1639 "-----END PUBLIC KEY-----\n";
1641 const char *msg
= "message digest";
1642 const char *id
= "ALICE123@YAHOO.COM";
1644 const uint8_t signature
[] = {
1645 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1646 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1647 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1648 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1649 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1650 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1651 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1656 EVP_PKEY
*pkey
= NULL
;
1657 EVP_MD_CTX
*mctx
= NULL
;
1658 EVP_PKEY_CTX
*pctx
= NULL
;
1661 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1662 if (!TEST_true(bio
!= NULL
))
1665 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1666 if (!TEST_true(pkey
!= NULL
))
1669 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1672 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1675 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1678 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1680 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1683 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1686 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1689 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1692 if (!TEST_true(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
))))
1698 EVP_PKEY_free(pkey
);
1699 EVP_PKEY_CTX_free(pctx
);
1700 EVP_MD_CTX_free(mctx
);
1705 static int test_EVP_SM2(void)
1708 EVP_PKEY
*pkey
= NULL
;
1709 EVP_PKEY
*pkeyparams
= NULL
;
1710 EVP_PKEY_CTX
*pctx
= NULL
;
1711 EVP_PKEY_CTX
*kctx
= NULL
;
1712 EVP_PKEY_CTX
*sctx
= NULL
;
1714 unsigned char *sig
= NULL
;
1715 EVP_MD_CTX
*md_ctx
= NULL
;
1716 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1717 EVP_PKEY_CTX
*cctx
= NULL
;
1718 EVP_MD
*check_md
= NULL
;
1720 uint8_t ciphertext
[128];
1721 size_t ctext_len
= sizeof(ciphertext
);
1723 uint8_t plaintext
[8];
1724 size_t ptext_len
= sizeof(plaintext
);
1726 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1728 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1729 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1731 char mdname
[OSSL_MAX_NAME_SIZE
];
1733 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1737 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1740 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1743 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1746 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1747 pkeyparams
, testpropq
)))
1750 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
1753 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1756 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1759 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1762 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1765 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1766 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1768 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1771 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1774 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1777 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1780 /* Determine the size of the signature. */
1781 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1784 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1787 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1790 /* Ensure that the signature round-trips. */
1792 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1796 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1799 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1802 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1805 /* now check encryption/decryption */
1807 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1808 mdname
, sizeof(mdname
));
1809 for (i
= 0; i
< 2; i
++) {
1810 const char *mdnames
[] = {
1811 #ifndef OPENSSL_NO_SM3
1817 EVP_PKEY_CTX_free(cctx
);
1819 if (mdnames
[i
] == NULL
)
1823 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1824 (char *)mdnames
[i
], 0);
1826 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1830 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1833 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1836 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
1840 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1843 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1846 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
1850 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
1854 * Test we're still using the digest we think we are.
1855 * Because of aliases, the easiest is to fetch the digest and
1856 * check the name with EVP_MD_is_a().
1858 EVP_MD_free(check_md
);
1859 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
1861 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
1862 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
1866 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1869 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1875 EVP_PKEY_CTX_free(pctx
);
1876 EVP_PKEY_CTX_free(kctx
);
1877 EVP_PKEY_CTX_free(sctx
);
1878 EVP_PKEY_CTX_free(cctx
);
1879 EVP_PKEY_free(pkey
);
1880 EVP_PKEY_free(pkeyparams
);
1881 EVP_MD_CTX_free(md_ctx
);
1882 EVP_MD_CTX_free(md_ctx_verify
);
1883 EVP_MD_free(check_md
);
1890 static struct keys_st
{
1896 EVP_PKEY_HMAC
, "0123456789", NULL
1899 EVP_PKEY_HMAC
, "", NULL
1900 #ifndef OPENSSL_NO_POLY1305
1902 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
1904 #ifndef OPENSSL_NO_SIPHASH
1906 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
1909 #ifndef OPENSSL_NO_EC
1911 EVP_PKEY_X25519
, "01234567890123456789012345678901",
1912 "abcdefghijklmnopqrstuvwxyzabcdef"
1914 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
1915 "abcdefghijklmnopqrstuvwxyzabcdef"
1918 "01234567890123456789012345678901234567890123456789012345",
1919 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1922 "012345678901234567890123456789012345678901234567890123456",
1923 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1928 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
1931 unsigned char buf
[80];
1933 size_t inlen
, len
= 0, shortlen
= 1;
1936 /* Check if this algorithm supports public keys */
1937 if (pub
&& keys
[tst
].pub
== NULL
)
1940 memset(buf
, 0, sizeof(buf
));
1943 #ifndef OPENSSL_NO_EC
1944 inlen
= strlen(keys
[tst
].pub
);
1945 in
= (unsigned char *)keys
[tst
].pub
;
1947 pkey
= EVP_PKEY_new_raw_public_key_ex(
1949 OBJ_nid2sn(keys
[tst
].type
),
1954 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
1963 inlen
= strlen(keys
[tst
].priv
);
1964 in
= (unsigned char *)keys
[tst
].priv
;
1966 pkey
= EVP_PKEY_new_raw_private_key_ex(
1967 testctx
, OBJ_nid2sn(keys
[tst
].type
),
1972 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
1980 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
1981 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
1982 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
1983 || !TEST_true(len
== inlen
))
1987 * Test that supplying a buffer that is too small fails. Doesn't apply
1988 * to HMAC with a zero length key
1990 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
1992 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
1996 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
1997 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
1998 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2003 EVP_PKEY_free(pkey
);
2007 static int test_set_get_raw_keys(int tst
)
2009 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2010 && test_set_get_raw_keys_int(tst
, 0, 1)
2011 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2012 && test_set_get_raw_keys_int(tst
, 1, 1);
2015 #ifndef OPENSSL_NO_DEPRECATED_3_0
2016 static int pkey_custom_check(EVP_PKEY
*pkey
)
2021 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2026 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2031 static EVP_PKEY_METHOD
*custom_pmeth
;
2034 static int test_EVP_PKEY_check(int i
)
2037 EVP_PKEY
*pkey
= NULL
;
2038 EVP_PKEY_CTX
*ctx
= NULL
;
2039 #ifndef OPENSSL_NO_DEPRECATED_3_0
2040 EVP_PKEY_CTX
*ctx2
= NULL
;
2042 const APK_DATA
*ak
= &keycheckdata
[i
];
2043 const unsigned char *input
= ak
->kder
;
2044 size_t input_len
= ak
->size
;
2045 int expected_id
= ak
->evptype
;
2046 int expected_check
= ak
->check
;
2047 int expected_pub_check
= ak
->pub_check
;
2048 int expected_param_check
= ak
->param_check
;
2049 int type
= ak
->type
;
2051 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2054 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2057 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2060 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2063 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2066 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2069 #ifndef OPENSSL_NO_DEPRECATED_3_0
2070 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2071 /* assign the pkey directly, as an internal test */
2072 EVP_PKEY_up_ref(pkey
);
2075 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2078 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2081 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2088 EVP_PKEY_CTX_free(ctx
);
2089 #ifndef OPENSSL_NO_DEPRECATED_3_0
2090 EVP_PKEY_CTX_free(ctx2
);
2092 EVP_PKEY_free(pkey
);
2096 #ifndef OPENSSL_NO_CMAC
2097 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2099 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2100 const char msg
[] = "Hello World";
2101 size_t maclen
= AES_BLOCK_SIZE
;
2104 if (!TEST_ptr(mdctx
)
2105 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2106 testpropq
, pkey
, NULL
))
2107 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2108 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2109 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2112 EVP_MD_CTX_free(mdctx
);
2116 static int test_CMAC_keygen(void)
2118 static unsigned char key
[] = {
2119 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2120 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2121 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2123 EVP_PKEY_CTX
*kctx
= NULL
;
2125 EVP_PKEY
*pkey
= NULL
;
2126 unsigned char mac
[AES_BLOCK_SIZE
];
2127 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2128 unsigned char mac2
[AES_BLOCK_SIZE
];
2131 if (nullprov
!= NULL
)
2132 return TEST_skip("Test does not support a non-default library context");
2135 * This is a legacy method for CMACs, but should still work.
2136 * This verifies that it works without an ENGINE.
2138 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2140 /* Test a CMAC key created using the "generated" method */
2141 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2142 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2143 EVP_PKEY_CTRL_CIPHER
,
2144 0, (void *)EVP_aes_256_ecb()), 0)
2145 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2146 EVP_PKEY_CTRL_SET_MAC_KEY
,
2147 sizeof(key
), (void *)key
), 0)
2148 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2150 || !TEST_true(get_cmac_val(pkey
, mac
)))
2153 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2154 EVP_PKEY_free(pkey
);
2157 * Test a CMAC key using the direct method, and compare with the mac
2160 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2162 || !TEST_true(get_cmac_val(pkey
, mac2
))
2163 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2170 EVP_PKEY_free(pkey
);
2171 EVP_PKEY_CTX_free(kctx
);
2176 static int test_HKDF(void)
2179 unsigned char out
[20];
2182 unsigned char salt
[] = "0123456789";
2183 unsigned char key
[] = "012345678901234567890123456789";
2184 unsigned char info
[] = "infostring";
2185 const unsigned char expected
[] = {
2186 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2187 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2189 size_t expectedlen
= sizeof(expected
);
2191 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2194 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2195 for (i
= 0; i
< 2; i
++) {
2196 outlen
= sizeof(out
);
2197 memset(out
, 0, outlen
);
2199 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2200 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2201 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2202 sizeof(salt
) - 1), 0)
2203 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2204 sizeof(key
) - 1), 0)
2205 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2206 sizeof(info
) - 1), 0)
2207 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2208 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2215 EVP_PKEY_CTX_free(pctx
);
2220 static int test_emptyikm_HKDF(void)
2223 unsigned char out
[20];
2226 unsigned char salt
[] = "9876543210";
2227 unsigned char key
[] = "";
2228 unsigned char info
[] = "stringinfo";
2229 const unsigned char expected
[] = {
2230 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2231 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2233 size_t expectedlen
= sizeof(expected
);
2235 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2238 outlen
= sizeof(out
);
2239 memset(out
, 0, outlen
);
2241 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2242 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2243 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2244 sizeof(salt
) - 1), 0)
2245 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2246 sizeof(key
) - 1), 0)
2247 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2248 sizeof(info
) - 1), 0)
2249 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2250 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2256 EVP_PKEY_CTX_free(pctx
);
2261 #ifndef OPENSSL_NO_EC
2262 static int test_X509_PUBKEY_inplace(void)
2265 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2266 const unsigned char *p
= kExampleECPubKeyDER
;
2267 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2271 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2274 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2277 p
= kExampleBadECPubKeyDER
;
2278 input_len
= sizeof(kExampleBadECPubKeyDER
);
2280 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2283 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2289 X509_PUBKEY_free(xp
);
2293 static int test_X509_PUBKEY_dup(void)
2296 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2297 const unsigned char *p
= kExampleECPubKeyDER
;
2298 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2300 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2302 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2303 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2304 || !TEST_ptr_ne(xp
, xq
))
2307 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2308 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2309 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2312 X509_PUBKEY_free(xq
);
2314 p
= kExampleBadECPubKeyDER
;
2315 input_len
= sizeof(kExampleBadECPubKeyDER
);
2317 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2318 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2321 X509_PUBKEY_free(xp
);
2323 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2329 X509_PUBKEY_free(xp
);
2330 X509_PUBKEY_free(xq
);
2333 #endif /* OPENSSL_NO_EC */
2335 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2336 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2338 EVP_MD_CTX
*mdctx
= NULL
;
2339 EVP_PKEY_CTX
*ctx
= NULL
;
2340 const OSSL_PARAM
*params
;
2341 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2344 char mdname
[OSSL_MAX_NAME_SIZE
];
2347 /* Initialise a sign operation */
2348 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2350 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2354 * We should be able to query the parameters now.
2356 params
= EVP_PKEY_CTX_settable_params(ctx
);
2357 if (!TEST_ptr(params
)
2358 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2359 OSSL_SIGNATURE_PARAM_DIGEST
)))
2362 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2363 if (!TEST_ptr(params
)
2364 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2365 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2366 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2367 OSSL_SIGNATURE_PARAM_DIGEST
)))
2371 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2372 * EVP_PKEY_CTX_get_params()
2374 strcpy(mdname
, "SHA512");
2376 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2378 *param
++ = OSSL_PARAM_construct_end();
2380 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2384 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2385 mdname
, sizeof(mdname
));
2386 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2387 || !TEST_str_eq(mdname
, "SHA512"))
2391 * Test the TEST_PKEY_CTX_set_signature_md() and
2392 * TEST_PKEY_CTX_get_signature_md() functions
2394 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2395 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2396 || !TEST_ptr_eq(md
, EVP_sha256()))
2400 * Test getting MD parameters via an associated EVP_PKEY_CTX
2402 mdctx
= EVP_MD_CTX_new();
2403 if (!TEST_ptr(mdctx
)
2404 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2409 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2410 * able to obtain the digest's settable parameters from the provider.
2412 params
= EVP_MD_CTX_settable_params(mdctx
);
2413 if (!TEST_ptr(params
)
2414 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2415 /* The final key should be NULL */
2416 || !TEST_ptr_null(params
[1].key
))
2420 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2421 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2422 ssl3ms
, sizeof(ssl3ms
));
2423 *param
++ = OSSL_PARAM_construct_end();
2425 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2431 EVP_MD_CTX_free(mdctx
);
2432 EVP_PKEY_CTX_free(ctx
);
2437 #ifndef OPENSSL_NO_DSA
2438 static int test_DSA_get_set_params(void)
2440 OSSL_PARAM_BLD
*bld
= NULL
;
2441 OSSL_PARAM
*params
= NULL
;
2442 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2443 EVP_PKEY_CTX
*pctx
= NULL
;
2444 EVP_PKEY
*pkey
= NULL
;
2448 * Setup the parameters for our DSA object. For our purposes they don't
2449 * have to actually be *valid* parameters. We just need to set something.
2451 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2452 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2453 || !TEST_ptr(p
= BN_new())
2454 || !TEST_ptr(q
= BN_new())
2455 || !TEST_ptr(g
= BN_new())
2456 || !TEST_ptr(pub
= BN_new())
2457 || !TEST_ptr(priv
= BN_new()))
2459 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2460 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2461 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2462 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2464 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2467 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2470 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2471 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2475 if (!TEST_ptr(pkey
))
2478 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2481 EVP_PKEY_free(pkey
);
2482 EVP_PKEY_CTX_free(pctx
);
2483 OSSL_PARAM_free(params
);
2484 OSSL_PARAM_BLD_free(bld
);
2495 * Test combinations of private, public, missing and private + public key
2496 * params to ensure they are all accepted
2498 static int test_DSA_priv_pub(void)
2500 return test_EVP_PKEY_ffc_priv_pub("DSA");
2503 #endif /* !OPENSSL_NO_DSA */
2505 static int test_RSA_get_set_params(void)
2507 OSSL_PARAM_BLD
*bld
= NULL
;
2508 OSSL_PARAM
*params
= NULL
;
2509 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2510 EVP_PKEY_CTX
*pctx
= NULL
;
2511 EVP_PKEY
*pkey
= NULL
;
2515 * Setup the parameters for our RSA object. For our purposes they don't
2516 * have to actually be *valid* parameters. We just need to set something.
2518 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2519 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2520 || !TEST_ptr(n
= BN_new())
2521 || !TEST_ptr(e
= BN_new())
2522 || !TEST_ptr(d
= BN_new()))
2524 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2525 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2526 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2528 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2531 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2532 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2536 if (!TEST_ptr(pkey
))
2539 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2542 EVP_PKEY_free(pkey
);
2543 EVP_PKEY_CTX_free(pctx
);
2544 OSSL_PARAM_free(params
);
2545 OSSL_PARAM_BLD_free(bld
);
2553 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2554 static int test_decrypt_null_chunks(void)
2556 EVP_CIPHER_CTX
* ctx
= NULL
;
2557 EVP_CIPHER
*cipher
= NULL
;
2558 const unsigned char key
[32] = {
2559 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2560 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2561 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2563 unsigned char iv
[12] = {
2564 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2566 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2567 unsigned char ciphertext
[80];
2568 unsigned char plaintext
[80];
2569 /* We initialise tmp to a non zero value on purpose */
2570 int ctlen
, ptlen
, tmp
= 99;
2572 const int enc_offset
= 10, dec_offset
= 20;
2574 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2575 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2576 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2578 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2580 /* Deliberate add a zero length update */
2581 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2583 || !TEST_int_eq(tmp
, 0)
2584 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2586 sizeof(msg
) - enc_offset
))
2587 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2588 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2589 || !TEST_int_eq(tmp
, 0))
2592 /* Deliberately initialise tmp to a non zero value */
2594 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2595 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2598 * Deliberately add a zero length update. We also deliberately do
2599 * this at a different offset than for encryption.
2601 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2603 || !TEST_int_eq(tmp
, 0)
2604 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2605 ciphertext
+ dec_offset
,
2606 ctlen
- dec_offset
))
2607 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2608 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2609 || !TEST_int_eq(tmp
, 0)
2610 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2615 EVP_CIPHER_CTX_free(ctx
);
2616 EVP_CIPHER_free(cipher
);
2619 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2621 #ifndef OPENSSL_NO_DH
2623 * Test combinations of private, public, missing and private + public key
2624 * params to ensure they are all accepted
2626 static int test_DH_priv_pub(void)
2628 return test_EVP_PKEY_ffc_priv_pub("DH");
2631 # ifndef OPENSSL_NO_DEPRECATED_3_0
2632 static int test_EVP_PKEY_set1_DH(void)
2634 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2635 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2637 BIGNUM
*p
, *g
= NULL
;
2638 BIGNUM
*pubkey
= NULL
;
2639 unsigned char pub
[2048 / 8];
2642 if (!TEST_ptr(p
= BN_new())
2643 || !TEST_ptr(g
= BN_new())
2644 || !TEST_ptr(pubkey
= BN_new())
2645 || !TEST_true(BN_set_word(p
, 9999))
2646 || !TEST_true(BN_set_word(g
, 2))
2647 || !TEST_true(BN_set_word(pubkey
, 4321))
2648 || !TEST_ptr(noqdh
= DH_new())
2649 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2650 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2651 || !TEST_ptr(pubkey
= BN_new())
2652 || !TEST_true(BN_set_word(pubkey
, 4321)))
2656 x942dh
= DH_get_2048_256();
2657 pkey1
= EVP_PKEY_new();
2658 pkey2
= EVP_PKEY_new();
2659 if (!TEST_ptr(x942dh
)
2663 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2667 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2668 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2671 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2673 || !TEST_ptr(pubkey
))
2676 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2677 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2680 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2681 OSSL_PKEY_PARAM_PUB_KEY
,
2682 pub
, sizeof(pub
), &len
))
2683 || !TEST_size_t_ne(len
, 0))
2691 EVP_PKEY_free(pkey1
);
2692 EVP_PKEY_free(pkey2
);
2698 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2699 #endif /* !OPENSSL_NO_DH */
2702 * We test what happens with an empty template. For the sake of this test,
2703 * the template must be ignored, and we know that's the case for RSA keys
2704 * (this might arguably be a misfeature, but that's what we currently do,
2705 * even in provider code, since that's how the legacy RSA implementation
2708 static int test_keygen_with_empty_template(int n
)
2710 EVP_PKEY_CTX
*ctx
= NULL
;
2711 EVP_PKEY
*pkey
= NULL
;
2712 EVP_PKEY
*tkey
= NULL
;
2715 if (nullprov
!= NULL
)
2716 return TEST_skip("Test does not support a non-default library context");
2720 /* We do test with no template at all as well */
2721 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2725 /* Here we create an empty RSA key that serves as our template */
2726 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2727 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2728 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2733 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2734 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2739 EVP_PKEY_CTX_free(ctx
);
2740 EVP_PKEY_free(pkey
);
2741 EVP_PKEY_free(tkey
);
2746 * Test that we fail if we attempt to use an algorithm that is not available
2747 * in the current library context (unless we are using an algorithm that
2748 * should be made available via legacy codepaths).
2753 static int test_pkey_ctx_fail_without_provider(int tst
)
2755 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2756 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2757 EVP_PKEY_CTX
*pctx
= NULL
;
2758 const char *keytype
= NULL
;
2759 int expect_null
= 0;
2762 if (!TEST_ptr(tmpctx
))
2765 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2766 if (!TEST_ptr(tmpnullprov
))
2770 * We check for certain algos in the null provider.
2771 * If an algo is expected to have a provider keymgmt, contructing an
2772 * EVP_PKEY_CTX is expected to fail (return NULL).
2773 * Otherwise, if it's expected to have legacy support, contructing an
2774 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2784 #ifdef OPENSSL_NO_EC
2785 TEST_info("EC disable, skipping SM2 check...");
2788 #ifdef OPENSSL_NO_SM2
2789 TEST_info("SM2 disable, skipping SM2 check...");
2794 TEST_error("No test for case %d", tst
);
2798 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2799 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2802 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2808 EVP_PKEY_CTX_free(pctx
);
2809 OSSL_PROVIDER_unload(tmpnullprov
);
2810 OSSL_LIB_CTX_free(tmpctx
);
2814 static int test_rand_agglomeration(void)
2818 OSSL_PARAM params
[3], *p
= params
;
2820 unsigned int step
= 7;
2821 static unsigned char seed
[] = "It does not matter how slowly you go "
2822 "as long as you do not stop.";
2823 unsigned char out
[sizeof(seed
)];
2825 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
2826 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
2828 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
2829 EVP_RAND_free(rand
);
2833 memset(out
, 0, sizeof(out
));
2834 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
2835 seed
, sizeof(seed
));
2836 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
2837 *p
= OSSL_PARAM_construct_end();
2838 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
2839 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
2840 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
2841 EVP_RAND_CTX_free(ctx
);
2846 * Test that we correctly return the original or "running" IV after
2847 * an encryption operation.
2848 * Run multiple times for some different relevant algorithms/modes.
2850 static int test_evp_iv_aes(int idx
)
2853 EVP_CIPHER_CTX
*ctx
= NULL
;
2854 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
2855 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
2856 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
2857 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
2858 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
2859 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
2860 9, 10, 11, 12, 13, 14, 15, 16 };
2861 unsigned char ciphertext
[32], oiv
[16], iv
[16];
2862 unsigned char *ref_iv
;
2863 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
2864 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
2866 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
2867 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
2868 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
2869 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
2870 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2871 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2872 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
2873 #ifndef OPENSSL_NO_OCB
2874 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
2875 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
2877 int len
= sizeof(ciphertext
);
2878 size_t ivlen
, ref_len
;
2879 const EVP_CIPHER
*type
= NULL
;
2882 if (nullprov
!= NULL
&& idx
< 6)
2883 return TEST_skip("Test does not support a non-default library context");
2887 type
= EVP_aes_128_cbc();
2890 type
= (type
!= NULL
) ? type
:
2891 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
2893 ref_len
= sizeof(cbc_state
);
2897 type
= EVP_aes_128_ofb();
2900 type
= (type
!= NULL
) ? type
:
2901 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
2903 ref_len
= sizeof(ofb_state
);
2907 type
= EVP_aes_128_cfb();
2910 type
= (type
!= NULL
) ? type
:
2911 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
2913 ref_len
= sizeof(cfb_state
);
2917 type
= EVP_aes_128_gcm();
2920 type
= (type
!= NULL
) ? type
:
2921 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
2923 ref_len
= sizeof(gcm_state
);
2926 type
= EVP_aes_128_ccm();
2929 type
= (type
!= NULL
) ? type
:
2930 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
2932 ref_len
= sizeof(ccm_state
);
2934 #ifdef OPENSSL_NO_OCB
2940 type
= EVP_aes_128_ocb();
2943 type
= (type
!= NULL
) ? type
:
2944 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
2946 ref_len
= sizeof(ocb_state
);
2954 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
2955 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
2956 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
2958 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
2959 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
2960 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
2962 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
2963 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
2964 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
2967 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
2968 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
2969 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
2972 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
2975 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
2981 EVP_CIPHER_CTX_free(ctx
);
2983 EVP_CIPHER_free((EVP_CIPHER
*)type
);
2987 #ifndef OPENSSL_NO_DES
2988 static int test_evp_iv_des(int idx
)
2991 EVP_CIPHER_CTX
*ctx
= NULL
;
2992 static const unsigned char key
[24] = {
2993 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
2994 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
2995 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
2997 static const unsigned char init_iv
[8] = {
2998 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3000 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3001 9, 10, 11, 12, 13, 14, 15, 16 };
3002 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3003 unsigned const char *ref_iv
;
3004 static const unsigned char cbc_state_des
[8] = {
3005 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3007 static const unsigned char cbc_state_3des
[8] = {
3008 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3010 static const unsigned char ofb_state_des
[8] = {
3011 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3013 static const unsigned char ofb_state_3des
[8] = {
3014 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3016 static const unsigned char cfb_state_des
[8] = {
3017 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3019 static const unsigned char cfb_state_3des
[8] = {
3020 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3022 int len
= sizeof(ciphertext
);
3023 size_t ivlen
, ref_len
;
3024 EVP_CIPHER
*type
= NULL
;
3026 if (lgcyprov
== NULL
&& idx
< 3)
3027 return TEST_skip("Test requires legacy provider to be loaded");
3031 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3032 ref_iv
= cbc_state_des
;
3033 ref_len
= sizeof(cbc_state_des
);
3036 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3037 ref_iv
= ofb_state_des
;
3038 ref_len
= sizeof(ofb_state_des
);
3041 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3042 ref_iv
= cfb_state_des
;
3043 ref_len
= sizeof(cfb_state_des
);
3046 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3047 ref_iv
= cbc_state_3des
;
3048 ref_len
= sizeof(cbc_state_3des
);
3051 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3052 ref_iv
= ofb_state_3des
;
3053 ref_len
= sizeof(ofb_state_3des
);
3056 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3057 ref_iv
= cfb_state_3des
;
3058 ref_len
= sizeof(cfb_state_3des
);
3065 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3066 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3067 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3069 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3070 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3071 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3073 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3074 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3075 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3078 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3079 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3081 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3086 EVP_CIPHER_CTX_free(ctx
);
3087 EVP_CIPHER_free(type
);
3092 #ifndef OPENSSL_NO_EC
3093 static int ecpub_nids
[] = {
3094 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3095 NID_secp384r1
, NID_secp521r1
,
3096 # ifndef OPENSSL_NO_EC2M
3097 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3098 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3100 NID_brainpoolP384r1
, NID_brainpoolP512r1
3103 static int test_ecpub(int idx
)
3105 int ret
= 0, len
, savelen
;
3107 unsigned char buf
[1024];
3109 EVP_PKEY
*pkey
= NULL
;
3110 EVP_PKEY_CTX
*ctx
= NULL
;
3111 # ifndef OPENSSL_NO_DEPRECATED_3_0
3112 const unsigned char *q
;
3113 EVP_PKEY
*pkey2
= NULL
;
3117 if (nullprov
!= NULL
)
3118 return TEST_skip("Test does not support a non-default library context");
3120 nid
= ecpub_nids
[idx
];
3122 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3124 || !TEST_true(EVP_PKEY_keygen_init(ctx
))
3125 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
3126 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3128 len
= i2d_PublicKey(pkey
, NULL
);
3130 if (!TEST_int_ge(len
, 1)
3131 || !TEST_int_lt(len
, 1024))
3134 len
= i2d_PublicKey(pkey
, &p
);
3135 if (!TEST_int_ge(len
, 1)
3136 || !TEST_int_eq(len
, savelen
))
3139 # ifndef OPENSSL_NO_DEPRECATED_3_0
3140 /* Now try to decode the just-created DER. */
3142 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3143 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3144 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3146 /* EC_KEY ownership transferred */
3148 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3150 /* The keys should match. */
3151 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3158 EVP_PKEY_CTX_free(ctx
);
3159 EVP_PKEY_free(pkey
);
3160 # ifndef OPENSSL_NO_DEPRECATED_3_0
3161 EVP_PKEY_free(pkey2
);
3168 static int test_EVP_rsa_pss_with_keygen_bits(void)
3171 EVP_PKEY_CTX
*ctx
= NULL
;
3172 EVP_PKEY
*pkey
= NULL
;
3175 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3177 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
3178 && TEST_true(EVP_PKEY_keygen_init(ctx
))
3179 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3180 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
3181 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3184 EVP_PKEY_free(pkey
);
3185 EVP_PKEY_CTX_free(ctx
);
3189 static int success
= 1;
3190 static void md_names(const char *name
, void *vctx
)
3192 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3193 /* Force a namemap update */
3194 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3196 if (!TEST_ptr(aes128
))
3199 EVP_CIPHER_free(aes128
);
3203 * Test that changing the namemap in a user callback works in a names_do_all
3206 static int test_names_do_all(void)
3208 /* We use a custom libctx so that we know the state of the namemap */
3209 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3210 EVP_MD
*sha256
= NULL
;
3216 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3217 if (!TEST_ptr(sha256
))
3221 * We loop through all the names for a given digest. This should still work
3222 * even if the namemap changes part way through.
3224 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3227 if (!TEST_true(success
))
3232 EVP_MD_free(sha256
);
3233 OSSL_LIB_CTX_free(ctx
);
3239 const unsigned char *key
;
3240 const unsigned char *iv
;
3241 const unsigned char *input
;
3242 const unsigned char *expected
;
3243 const unsigned char *tag
;
3244 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3253 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3255 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3256 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3260 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3261 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3262 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3263 sizeof(gcmDefaultTag
), 1, 0, 1
3266 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3267 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3271 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3272 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3273 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3274 sizeof(gcmDefaultTag
), 0, 0, 1
3277 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3278 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3282 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3283 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3284 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3285 sizeof(gcmDefaultTag
), 1, 1, 0
3288 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3289 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3293 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3294 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3295 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3296 sizeof(gcmDefaultTag
), 0, 1, 0
3300 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3304 if (t
->ivlen
!= 0) {
3305 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
)))
3308 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3316 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3317 * arguments are given one at a time and a final adjustment to the enc
3318 * parameter sets the correct operation.
3320 static int test_evp_init_seq(int idx
)
3322 int outlen1
, outlen2
;
3324 unsigned char outbuf
[1024];
3325 unsigned char tag
[16];
3326 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3327 EVP_CIPHER_CTX
*ctx
= NULL
;
3328 EVP_CIPHER
*type
= NULL
;
3329 size_t taglen
= sizeof(tag
);
3330 char *errmsg
= NULL
;
3332 ctx
= EVP_CIPHER_CTX_new();
3334 errmsg
= "CTX_ALLOC";
3337 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3338 errmsg
= "CIPHER_FETCH";
3341 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3342 errmsg
= "EMPTY_ENC_INIT";
3345 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3349 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3350 errmsg
= "KEY_INIT (before iv)";
3353 if (!evp_init_seq_set_iv(ctx
, t
)) {
3357 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3358 errmsg
= "KEY_INIT (after iv)";
3361 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3362 errmsg
= "FINAL_ENC_INIT";
3365 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3366 errmsg
= "CIPHER_UPDATE";
3369 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3370 /* Set expected tag */
3371 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3372 t
->taglen
, (void *)t
->tag
))) {
3377 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3378 errmsg
= "CIPHER_FINAL";
3381 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3382 errmsg
= "WRONG_RESULT";
3385 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3386 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3390 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3391 errmsg
= "TAG_ERROR";
3398 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3399 EVP_CIPHER_CTX_free(ctx
);
3400 EVP_CIPHER_free(type
);
3405 const unsigned char *input
;
3406 const unsigned char *expected
;
3410 } EVP_RESET_TEST_st
;
3412 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3414 cfbPlaintext
, cfbCiphertext
,
3415 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3418 cfbCiphertext
, cfbPlaintext
,
3419 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3424 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3427 static int test_evp_reset(int idx
)
3429 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3430 int outlen1
, outlen2
;
3432 unsigned char outbuf
[1024];
3433 EVP_CIPHER_CTX
*ctx
= NULL
;
3434 EVP_CIPHER
*type
= NULL
;
3435 char *errmsg
= NULL
;
3437 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3438 errmsg
= "CTX_ALLOC";
3441 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3442 errmsg
= "CIPHER_FETCH";
3445 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3446 errmsg
= "CIPHER_INIT";
3449 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3453 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3454 errmsg
= "CIPHER_UPDATE";
3457 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3458 errmsg
= "CIPHER_FINAL";
3461 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3462 errmsg
= "WRONG_RESULT";
3465 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3466 errmsg
= "CIPHER_REINIT";
3469 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3470 errmsg
= "CIPHER_UPDATE (reinit)";
3473 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3474 errmsg
= "CIPHER_FINAL (reinit)";
3477 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3478 errmsg
= "WRONG_RESULT (reinit)";
3484 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3485 EVP_CIPHER_CTX_free(ctx
);
3486 EVP_CIPHER_free(type
);
3493 } EVP_UPDATED_IV_TEST_st
;
3495 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3535 * Test that the IV in the context is updated during a crypto operation for CFB
3538 static int test_evp_updated_iv(int idx
)
3540 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3541 int outlen1
, outlen2
;
3543 unsigned char outbuf
[1024];
3544 EVP_CIPHER_CTX
*ctx
= NULL
;
3545 EVP_CIPHER
*type
= NULL
;
3546 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3548 char *errmsg
= NULL
;
3550 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3551 errmsg
= "CTX_ALLOC";
3554 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3555 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3559 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3560 errmsg
= "CIPHER_INIT";
3563 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3567 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3568 errmsg
= "CIPHER_UPDATE";
3571 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3572 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3575 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3576 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3579 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3580 errmsg
= "IV_NOT_UPDATED";
3583 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3584 errmsg
= "CIPHER_FINAL";
3591 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3592 EVP_CIPHER_CTX_free(ctx
);
3593 EVP_CIPHER_free(type
);
3598 const unsigned char *iv1
;
3599 const unsigned char *iv2
;
3600 const unsigned char *expected1
;
3601 const unsigned char *expected2
;
3602 const unsigned char *tag1
;
3603 const unsigned char *tag2
;
3606 size_t expectedlen1
;
3607 size_t expectedlen2
;
3608 } TEST_GCM_IV_REINIT_st
;
3610 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3612 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3613 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3614 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3617 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3618 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3619 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3623 static int test_gcm_reinit(int idx
)
3625 int outlen1
, outlen2
, outlen3
;
3627 unsigned char outbuf
[1024];
3628 unsigned char tag
[16];
3629 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3630 EVP_CIPHER_CTX
*ctx
= NULL
;
3631 EVP_CIPHER
*type
= NULL
;
3632 size_t taglen
= sizeof(tag
);
3633 char *errmsg
= NULL
;
3635 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3636 errmsg
= "CTX_ALLOC";
3639 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3640 errmsg
= "CIPHER_FETCH";
3643 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3644 errmsg
= "ENC_INIT";
3647 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
))) {
3648 errmsg
= "SET_IVLEN1";
3651 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3655 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3659 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3660 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3661 sizeof(gcmResetPlaintext
)))) {
3662 errmsg
= "CIPHER_UPDATE1";
3665 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3666 errmsg
= "CIPHER_FINAL1";
3669 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3670 errmsg
= "WRONG_RESULT1";
3673 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3674 errmsg
= "GET_TAG1";
3677 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3678 errmsg
= "TAG_ERROR1";
3682 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
))) {
3683 errmsg
= "SET_IVLEN2";
3686 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3690 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3694 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3695 sizeof(gcmResetPlaintext
)))) {
3696 errmsg
= "CIPHER_UPDATE2";
3699 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3700 errmsg
= "CIPHER_FINAL2";
3703 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3704 errmsg
= "WRONG_RESULT2";
3707 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3708 errmsg
= "GET_TAG2";
3711 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3712 errmsg
= "TAG_ERROR2";
3718 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3719 EVP_CIPHER_CTX_free(ctx
);
3720 EVP_CIPHER_free(type
);
3724 #ifndef OPENSSL_NO_DEPRECATED_3_0
3725 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3726 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3728 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3730 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3732 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3734 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3738 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3740 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3742 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3746 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
3747 size_t *outlen
, const unsigned char *in
,
3750 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3751 const unsigned char *tbs
, size_t tbslen
);
3753 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
3754 return psign(ctx
, out
, outlen
, in
, inlen
);
3757 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
3758 size_t *siglen
, const unsigned char *tbs
,
3761 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3762 const unsigned char *tbs
, size_t tbslen
);
3764 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
3765 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
3768 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
3771 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
3773 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
3774 return pderive(ctx
, key
, keylen
);
3777 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
3779 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
3781 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
3782 return pcopy(dst
, src
);
3785 static int ctrl_called
;
3787 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
3789 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
3791 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
3793 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
3798 return pctrl(ctx
, type
, p1
, p2
);
3801 static int test_custom_pmeth(int idx
)
3803 EVP_PKEY_CTX
*pctx
= NULL
;
3804 EVP_MD_CTX
*ctx
= NULL
;
3805 EVP_PKEY
*pkey
= NULL
;
3806 int id
, orig_id
, orig_flags
;
3809 unsigned char *res
= NULL
;
3810 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
3811 const EVP_MD
*md
= EVP_sha256();
3816 /* We call deprecated APIs so this test doesn't support a custom libctx */
3817 if (testctx
!= NULL
)
3824 pkey
= load_example_rsa_key();
3828 # ifndef OPENSSL_NO_DSA
3830 pkey
= load_example_dsa_key();
3837 # ifndef OPENSSL_NO_EC
3839 pkey
= load_example_ec_key();
3846 # ifndef OPENSSL_NO_EC
3847 id
= EVP_PKEY_ED25519
;
3849 pkey
= load_example_ed25519_key();
3856 # ifndef OPENSSL_NO_DH
3859 pkey
= load_example_dh_key();
3866 # ifndef OPENSSL_NO_EC
3867 id
= EVP_PKEY_X25519
;
3869 pkey
= load_example_x25519_key();
3875 TEST_error("Should not happen");
3879 if (!TEST_ptr(pkey
))
3883 if (!TEST_true(evp_pkey_is_provided(pkey
)))
3886 EVP_PKEY
*tmp
= pkey
;
3888 /* Convert to a legacy key */
3889 pkey
= EVP_PKEY_new();
3890 if (!TEST_ptr(pkey
)) {
3894 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
3899 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
3903 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
3907 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
3908 if (!TEST_int_eq(orig_id
, id
)
3909 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
3912 if (id
== EVP_PKEY_ED25519
) {
3913 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
3914 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
3915 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
3917 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
3919 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
3920 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
3921 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
3922 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
3924 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
3925 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
3929 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
3931 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
3932 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
3933 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
3935 || !TEST_int_eq(ctrl_called
, 1)
3936 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
3937 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
3938 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
3939 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
3942 ctx
= EVP_MD_CTX_new();
3943 reslen
= EVP_PKEY_size(pkey
);
3944 res
= OPENSSL_malloc(reslen
);
3947 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
3948 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
3949 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
3951 || !TEST_int_eq(ctrl_called
, 1))
3954 if (id
== EVP_PKEY_ED25519
) {
3955 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
3958 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
3959 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
3967 EVP_MD_CTX_free(ctx
);
3969 EVP_PKEY_CTX_free(pctx
);
3970 EVP_PKEY_free(pkey
);
3971 EVP_PKEY_meth_remove(custom_pmeth
);
3972 EVP_PKEY_meth_free(custom_pmeth
);
3973 custom_pmeth
= NULL
;
3977 static int test_evp_md_cipher_meth(void)
3979 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
3980 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
3983 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
3989 EVP_MD_meth_free(md
);
3990 EVP_CIPHER_meth_free(ciph
);
3995 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
3996 /* Test we can create a signature keys with an associated ENGINE */
3997 static int test_signatures_with_engine(int tst
)
4000 const char *engine_id
= "dasync";
4001 EVP_PKEY
*pkey
= NULL
;
4002 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4003 const unsigned char cmackey
[] = {
4004 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4005 0x0c, 0x0d, 0x0e, 0x0f
4007 const unsigned char ed25519key
[] = {
4008 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4009 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4010 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4012 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4014 EVP_MD_CTX
*ctx
= NULL
;
4015 unsigned char *mac
= NULL
;
4019 # ifdef OPENSSL_NO_CMAC
4020 /* Skip CMAC tests in a no-cmac build */
4025 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4028 if (!TEST_true(ENGINE_init(e
))) {
4035 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4039 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4043 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4044 sizeof(ed25519key
));
4047 TEST_error("Invalid test case");
4050 if (!TEST_ptr(pkey
))
4053 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4056 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4059 if (!TEST_true(ret
))
4062 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4063 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4066 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4069 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4072 /* We used a bad key. We expect a failure here */
4073 if (!TEST_false(ret
))
4079 EVP_MD_CTX_free(ctx
);
4081 EVP_PKEY_free(pkey
);
4088 static int test_cipher_with_engine(void)
4091 const char *engine_id
= "dasync";
4092 const unsigned char keyiv
[] = {
4093 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4094 0x0c, 0x0d, 0x0e, 0x0f
4096 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4098 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4099 unsigned char buf
[AES_BLOCK_SIZE
];
4102 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4105 if (!TEST_true(ENGINE_init(e
))) {
4110 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4111 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4114 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4117 /* Copy the ctx, and complete the operation with the new ctx */
4118 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4121 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4122 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4127 EVP_CIPHER_CTX_free(ctx
);
4128 EVP_CIPHER_CTX_free(ctx2
);
4134 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4135 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4137 typedef enum OPTION_choice
{
4144 const OPTIONS
*test_get_options(void)
4146 static const OPTIONS options
[] = {
4147 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4148 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4154 int setup_tests(void)
4158 while ((o
= opt_next()) != OPT_EOF
) {
4161 /* Set up an alternate library context */
4162 testctx
= OSSL_LIB_CTX_new();
4163 if (!TEST_ptr(testctx
))
4165 /* Swap the libctx to test non-default context only */
4166 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4167 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4168 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4170 case OPT_TEST_CASES
:
4177 ADD_TEST(test_EVP_set_default_properties
);
4178 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 15);
4179 ADD_TEST(test_EVP_DigestVerifyInit
);
4180 ADD_TEST(test_EVP_Digest
);
4181 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4182 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4183 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4184 ADD_TEST(test_privatekey_to_pkcs8
);
4185 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4186 #ifndef OPENSSL_NO_EC
4187 ADD_TEST(test_EVP_PKCS82PKEY
);
4189 #ifndef OPENSSL_NO_EC
4190 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4192 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4193 ADD_TEST(test_EVP_SM2
);
4194 ADD_TEST(test_EVP_SM2_verify
);
4196 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4197 #ifndef OPENSSL_NO_DEPRECATED_3_0
4198 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4199 if (!TEST_ptr(custom_pmeth
))
4201 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4202 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4203 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4204 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4207 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4208 #ifndef OPENSSL_NO_CMAC
4209 ADD_TEST(test_CMAC_keygen
);
4211 ADD_TEST(test_HKDF
);
4212 ADD_TEST(test_emptyikm_HKDF
);
4213 #ifndef OPENSSL_NO_EC
4214 ADD_TEST(test_X509_PUBKEY_inplace
);
4215 ADD_TEST(test_X509_PUBKEY_dup
);
4216 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4217 OSSL_NELEM(ec_der_pub_keys
));
4219 #ifndef OPENSSL_NO_DSA
4220 ADD_TEST(test_DSA_get_set_params
);
4221 ADD_TEST(test_DSA_priv_pub
);
4223 ADD_TEST(test_RSA_get_set_params
);
4224 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4225 ADD_TEST(test_decrypt_null_chunks
);
4227 #ifndef OPENSSL_NO_DH
4228 ADD_TEST(test_DH_priv_pub
);
4229 # ifndef OPENSSL_NO_DEPRECATED_3_0
4230 ADD_TEST(test_EVP_PKEY_set1_DH
);
4233 #ifndef OPENSSL_NO_EC
4234 ADD_TEST(test_EC_priv_pub
);
4235 # ifndef OPENSSL_NO_DEPRECATED_3_0
4236 ADD_TEST(test_EC_priv_only_legacy
);
4239 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4240 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4242 ADD_TEST(test_rand_agglomeration
);
4243 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4244 #ifndef OPENSSL_NO_DES
4245 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4247 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4248 #ifndef OPENSSL_NO_EC
4249 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4252 ADD_TEST(test_names_do_all
);
4254 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4255 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4256 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4257 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4259 #ifndef OPENSSL_NO_DEPRECATED_3_0
4260 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4261 ADD_TEST(test_evp_md_cipher_meth
);
4263 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4264 /* Tests only support the default libctx */
4265 if (testctx
== NULL
) {
4266 # ifndef OPENSSL_NO_EC
4267 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4269 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4271 ADD_TEST(test_cipher_with_engine
);
4279 void cleanup_tests(void)
4281 OSSL_PROVIDER_unload(nullprov
);
4282 OSSL_PROVIDER_unload(deflprov
);
4283 OSSL_PROVIDER_unload(lgcyprov
);
4284 OSSL_LIB_CTX_free(testctx
);