2 * Copyright 2015-2023 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
34 #include <openssl/proverr.h>
36 #include "internal/nelem.h"
37 #include "internal/sizes.h"
38 #include "crypto/evp.h"
39 #include "fake_rsaprov.h"
41 static OSSL_LIB_CTX
*testctx
= NULL
;
42 static char *testpropq
= NULL
;
44 static OSSL_PROVIDER
*nullprov
= NULL
;
45 static OSSL_PROVIDER
*deflprov
= NULL
;
46 static OSSL_PROVIDER
*lgcyprov
= NULL
;
49 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
50 * should never use this key anywhere but in an example.
52 static const unsigned char kExampleRSAKeyDER
[] = {
53 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
54 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
55 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
56 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
57 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
58 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
59 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
60 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
61 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
62 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
63 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
64 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
65 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
66 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
67 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
68 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
69 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
70 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
71 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
72 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
73 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
74 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
75 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
76 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
77 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
78 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
79 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
80 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
81 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
82 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
83 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
84 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
85 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
86 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
87 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
88 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
89 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
90 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
91 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
92 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
93 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
94 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
95 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
96 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
97 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
98 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
99 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
100 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
101 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
102 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
103 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
107 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
108 * should never use this key anywhere but in an example.
110 #ifndef OPENSSL_NO_DSA
111 static const unsigned char kExampleDSAKeyDER
[] = {
112 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
113 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
114 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
115 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
116 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
117 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
118 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
119 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
120 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
121 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
122 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
123 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
124 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
125 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
126 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
127 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
128 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
129 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
130 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
131 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
132 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
133 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
134 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
135 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
136 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
137 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
138 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
139 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
140 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
141 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
142 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
143 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
144 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
145 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
146 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
147 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
148 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
154 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
155 * components are not correct.
157 static const unsigned char kExampleBadRSAKeyDER
[] = {
158 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
159 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
160 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
161 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
162 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
163 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
164 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
165 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
166 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
167 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
168 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
169 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
170 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
171 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
172 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
173 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
174 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
175 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
176 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
177 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
178 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
179 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
180 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
181 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
182 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
183 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
184 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
185 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
186 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
187 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
188 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
189 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
190 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
191 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
192 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
193 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
194 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
195 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
196 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
197 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
198 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
199 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
200 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
201 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
202 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
203 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
204 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
205 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
206 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
207 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
208 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
209 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
210 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
211 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
212 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
213 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
214 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
215 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
216 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
217 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
218 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
219 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
220 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
221 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
222 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
223 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
224 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
225 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
226 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
227 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
228 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
229 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
230 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
231 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
232 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
233 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
234 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
235 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
236 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
237 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
238 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
239 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
240 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
241 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
242 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
243 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
244 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
245 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
246 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
250 * kExampleBad2RSAKeyDER is an RSA private key in ASN.1, DER format. All
253 static const unsigned char kExampleBad2RSAKeyDER
[] = {
254 0x30, 0x1b, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
255 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02, 0x01, 0x00, 0x02,
256 0x01, 0x00, 0x02, 0x01, 0x00
259 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
261 static const unsigned char kSignature
[] = {
262 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
263 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
264 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
265 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
266 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
267 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
268 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
269 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
270 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
271 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
272 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
276 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
279 static const unsigned char kExampleRSAKeyPKCS8
[] = {
280 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
281 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
282 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
283 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
284 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
285 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
286 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
287 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
288 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
289 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
290 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
291 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
292 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
293 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
294 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
295 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
296 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
297 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
298 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
299 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
300 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
301 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
302 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
303 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
304 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
305 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
306 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
307 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
308 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
309 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
310 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
311 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
312 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
313 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
314 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
315 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
316 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
317 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
318 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
319 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
320 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
321 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
322 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
323 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
324 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
325 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
326 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
327 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
328 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
329 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
330 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
331 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
332 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
335 #ifndef OPENSSL_NO_EC
337 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
340 static const unsigned char kExampleECKeyDER
[] = {
341 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
342 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
343 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
344 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
345 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
346 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
347 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
348 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
349 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
350 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
355 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
356 * structure. The private key is equal to the order and will fail to import
358 static const unsigned char kExampleBadECKeyDER
[] = {
359 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
360 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
361 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
362 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
363 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
364 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
365 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
366 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
367 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
371 static const unsigned char kExampleECPubKeyDER
[] = {
372 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
373 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
374 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
375 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
376 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
377 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
378 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
379 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
383 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
384 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
386 static const unsigned char kExampleBadECPubKeyDER
[] = {
387 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
388 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
389 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
390 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
391 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
392 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
393 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
394 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
397 static const unsigned char pExampleECParamDER
[] = {
398 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
401 # ifndef OPENSSL_NO_ECX
402 static const unsigned char kExampleED25519KeyDER
[] = {
403 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
404 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
405 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
406 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
409 static const unsigned char kExampleED25519PubKeyDER
[] = {
410 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
411 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
412 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
413 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
416 # ifndef OPENSSL_NO_DEPRECATED_3_0
417 static const unsigned char kExampleX25519KeyDER
[] = {
418 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
419 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
420 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
421 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
427 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
428 #ifndef OPENSSL_NO_DEPRECATED_3_0
429 # ifndef OPENSSL_NO_DH
430 static const unsigned char kExampleDHKeyDER
[] = {
431 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
432 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
433 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
434 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
435 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
436 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
437 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
438 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
439 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
440 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
441 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
442 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
443 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
444 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
445 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
446 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
447 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
448 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
449 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
450 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
451 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
452 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
453 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
454 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
455 0x2e, 0x87, 0x2a, 0x0b, 0x7a
460 static const unsigned char kCFBDefaultKey
[] = {
461 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
462 0x09, 0xCF, 0x4F, 0x3C
465 static const unsigned char kGCMDefaultKey
[32] = { 0 };
467 static const unsigned char kGCMResetKey
[] = {
468 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
469 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
470 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
473 static const unsigned char iCFBIV
[] = {
474 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
475 0x0C, 0x0D, 0x0E, 0x0F
478 static const unsigned char iGCMDefaultIV
[12] = { 0 };
480 static const unsigned char iGCMResetIV1
[] = {
481 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
484 static const unsigned char iGCMResetIV2
[] = {
485 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
488 static const unsigned char cfbPlaintext
[] = {
489 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
490 0x73, 0x93, 0x17, 0x2A
493 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
495 static const unsigned char gcmResetPlaintext
[] = {
496 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
497 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
498 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
499 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
500 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
503 static const unsigned char cfbCiphertext
[] = {
504 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
505 0xE8, 0x3C, 0xFB, 0x4A
508 static const unsigned char gcmDefaultCiphertext
[] = {
509 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
510 0xba, 0xf3, 0x9d, 0x18
513 static const unsigned char gcmResetCiphertext1
[] = {
514 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
515 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
516 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
517 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
518 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
521 static const unsigned char gcmResetCiphertext2
[] = {
522 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
523 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
524 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
525 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
526 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
529 static const unsigned char gcmAAD
[] = {
530 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
531 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
534 static const unsigned char gcmDefaultTag
[] = {
535 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
536 0xd4, 0x8a, 0xb9, 0x19
539 static const unsigned char gcmResetTag1
[] = {
540 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
541 0xfe, 0x2e, 0xa8, 0xf2
544 static const unsigned char gcmResetTag2
[] = {
545 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
546 0xbb, 0x2d, 0x55, 0x1b
549 typedef struct APK_DATA_st
{
550 const unsigned char *kder
;
557 int type
; /* 0 for private, 1 for public, 2 for params */
560 static APK_DATA keydata
[] = {
561 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
562 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
563 #ifndef OPENSSL_NO_EC
564 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
568 static APK_DATA keycheckdata
[] = {
569 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
571 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
573 {kExampleBad2RSAKeyDER
, sizeof(kExampleBad2RSAKeyDER
), "RSA", EVP_PKEY_RSA
,
574 0, 0, 1 /* Since there are no "params" in an RSA key this passes */, 0},
575 #ifndef OPENSSL_NO_EC
576 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
577 /* group is also associated in our pub key */
578 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
580 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
582 # ifndef OPENSSL_NO_ECX
583 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
584 EVP_PKEY_ED25519
, 1, 1, 1, 0},
585 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
586 EVP_PKEY_ED25519
, 0, 1, 1, 1},
591 static EVP_PKEY
*load_example_key(const char *keytype
,
592 const unsigned char *data
, size_t data_len
)
594 const unsigned char **pdata
= &data
;
595 EVP_PKEY
*pkey
= NULL
;
596 OSSL_DECODER_CTX
*dctx
=
597 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
600 /* |pkey| will be NULL on error */
601 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
602 OSSL_DECODER_CTX_free(dctx
);
606 static EVP_PKEY
*load_example_rsa_key(void)
608 return load_example_key("RSA", kExampleRSAKeyDER
,
609 sizeof(kExampleRSAKeyDER
));
612 #ifndef OPENSSL_NO_DSA
613 static EVP_PKEY
*load_example_dsa_key(void)
615 return load_example_key("DSA", kExampleDSAKeyDER
,
616 sizeof(kExampleDSAKeyDER
));
620 #ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ec_key(void)
623 return load_example_key("EC", kExampleECKeyDER
,
624 sizeof(kExampleECKeyDER
));
628 #ifndef OPENSSL_NO_DEPRECATED_3_0
629 # ifndef OPENSSL_NO_DH
630 static EVP_PKEY
*load_example_dh_key(void)
632 return load_example_key("DH", kExampleDHKeyDER
,
633 sizeof(kExampleDHKeyDER
));
637 # ifndef OPENSSL_NO_ECX
638 static EVP_PKEY
*load_example_ed25519_key(void)
640 return load_example_key("ED25519", kExampleED25519KeyDER
,
641 sizeof(kExampleED25519KeyDER
));
644 static EVP_PKEY
*load_example_x25519_key(void)
646 return load_example_key("X25519", kExampleX25519KeyDER
,
647 sizeof(kExampleX25519KeyDER
));
650 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
652 static EVP_PKEY
*load_example_hmac_key(void)
654 EVP_PKEY
*pkey
= NULL
;
655 unsigned char key
[] = {
656 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
657 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
658 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
661 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
662 NULL
, key
, sizeof(key
));
669 static int test_EVP_set_default_properties(void)
675 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
676 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
681 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
682 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
683 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
688 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
689 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
694 OSSL_LIB_CTX_free(ctx
);
698 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
699 static EVP_PKEY
*make_key_fromdata(char *keytype
, OSSL_PARAM
*params
)
701 EVP_PKEY_CTX
*pctx
= NULL
;
702 EVP_PKEY
*tmp_pkey
= NULL
, *pkey
= NULL
;
704 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
706 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
707 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &tmp_pkey
, EVP_PKEY_KEYPAIR
,
711 if (!TEST_ptr(tmp_pkey
))
717 EVP_PKEY_free(tmp_pkey
);
718 EVP_PKEY_CTX_free(pctx
);
722 static int test_selection(EVP_PKEY
*pkey
, int selection
)
726 BIO
*bio
= BIO_new(BIO_s_mem());
728 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
729 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
733 if (!TEST_false(ret
))
736 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
738 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
742 if (!TEST_false(ret
))
752 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
755 * Test combinations of private, public, missing and private + public key
756 * params to ensure they are all accepted
758 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
759 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
761 OSSL_PARAM_BLD
*bld
= NULL
;
762 OSSL_PARAM
*params
= NULL
;
763 EVP_PKEY
*just_params
= NULL
;
764 EVP_PKEY
*params_and_priv
= NULL
;
765 EVP_PKEY
*params_and_pub
= NULL
;
766 EVP_PKEY
*params_and_keypair
= NULL
;
767 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
771 * Setup the parameters for our pkey object. For our purposes they don't
772 * have to actually be *valid* parameters. We just need to set something.
774 if (!TEST_ptr(p
= BN_new())
775 || !TEST_ptr(q
= BN_new())
776 || !TEST_ptr(g
= BN_new())
777 || !TEST_ptr(pub
= BN_new())
778 || !TEST_ptr(priv
= BN_new()))
781 /* Test !priv and !pub */
782 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
783 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
784 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
787 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
788 || !TEST_ptr(just_params
= make_key_fromdata(keytype
, params
)))
791 OSSL_PARAM_free(params
);
792 OSSL_PARAM_BLD_free(bld
);
796 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
797 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
800 /* Test priv and !pub */
801 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
802 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
803 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
804 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
805 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
808 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
809 || !TEST_ptr(params_and_priv
= make_key_fromdata(keytype
, params
)))
812 OSSL_PARAM_free(params
);
813 OSSL_PARAM_BLD_free(bld
);
817 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
)
818 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
821 /* Test !priv and pub */
822 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
823 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
824 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
825 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
826 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
829 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
830 || !TEST_ptr(params_and_pub
= make_key_fromdata(keytype
, params
)))
833 OSSL_PARAM_free(params
);
834 OSSL_PARAM_BLD_free(bld
);
838 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
839 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
842 /* Test priv and pub */
843 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
844 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
845 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
846 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
847 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
849 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
852 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
853 || !TEST_ptr(params_and_keypair
= make_key_fromdata(keytype
, params
)))
856 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
861 OSSL_PARAM_free(params
);
862 OSSL_PARAM_BLD_free(bld
);
863 EVP_PKEY_free(just_params
);
864 EVP_PKEY_free(params_and_priv
);
865 EVP_PKEY_free(params_and_pub
);
866 EVP_PKEY_free(params_and_keypair
);
875 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
878 * Test combinations of private, public, missing and private + public key
879 * params to ensure they are all accepted for EC keys
881 #ifndef OPENSSL_NO_EC
882 static unsigned char ec_priv
[] = {
883 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
884 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
885 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
887 static unsigned char ec_pub
[] = {
888 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
889 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
890 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
891 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
892 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
893 0x08, 0x09, 0xb8, 0xdb, 0x03
896 static int test_EC_priv_pub(void)
898 OSSL_PARAM_BLD
*bld
= NULL
;
899 OSSL_PARAM
*params
= NULL
;
900 EVP_PKEY
*just_params
= NULL
;
901 EVP_PKEY
*params_and_priv
= NULL
;
902 EVP_PKEY
*params_and_pub
= NULL
;
903 EVP_PKEY
*params_and_keypair
= NULL
;
906 unsigned char *encoded
= NULL
;
908 unsigned char buffer
[128];
911 * Setup the parameters for our pkey object. For our purposes they don't
912 * have to actually be *valid* parameters. We just need to set something.
914 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
917 /* Test !priv and !pub */
918 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
919 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
920 OSSL_PKEY_PARAM_GROUP_NAME
,
923 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
924 || !TEST_ptr(just_params
= make_key_fromdata("EC", params
)))
927 OSSL_PARAM_free(params
);
928 OSSL_PARAM_BLD_free(bld
);
932 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
933 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
936 /* Test priv and !pub */
937 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
938 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
939 OSSL_PKEY_PARAM_GROUP_NAME
,
941 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
944 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
945 || !TEST_ptr(params_and_priv
= make_key_fromdata("EC", params
)))
948 OSSL_PARAM_free(params
);
949 OSSL_PARAM_BLD_free(bld
);
954 * We indicate only parameters here, in spite of having built a key that
955 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
956 * expected to fail because it does not support exporting a private EC
957 * key without a corresponding public key
959 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
960 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
963 /* Test !priv and pub */
964 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
965 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
966 OSSL_PKEY_PARAM_GROUP_NAME
,
968 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
969 OSSL_PKEY_PARAM_PUB_KEY
,
970 ec_pub
, sizeof(ec_pub
))))
972 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
973 || !TEST_ptr(params_and_pub
= make_key_fromdata("EC", params
)))
976 OSSL_PARAM_free(params
);
977 OSSL_PARAM_BLD_free(bld
);
981 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
982 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
985 /* Test priv and pub */
986 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
987 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
988 OSSL_PKEY_PARAM_GROUP_NAME
,
990 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
991 OSSL_PKEY_PARAM_PUB_KEY
,
992 ec_pub
, sizeof(ec_pub
)))
993 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
996 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
997 || !TEST_ptr(params_and_keypair
= make_key_fromdata("EC", params
)))
1000 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
1003 /* Try key equality */
1004 if (!TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, just_params
), 0)
1005 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_pub
),
1007 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_priv
),
1009 || !TEST_int_gt(EVP_PKEY_parameters_eq(just_params
, params_and_keypair
),
1011 || !TEST_int_gt(EVP_PKEY_eq(params_and_pub
, params_and_pub
), 0)
1012 || !TEST_int_gt(EVP_PKEY_eq(params_and_priv
, params_and_priv
), 0)
1013 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_pub
), 0)
1014 || !TEST_int_gt(EVP_PKEY_eq(params_and_keypair
, params_and_priv
), 0))
1017 /* Positive and negative testcase for EVP_PKEY_get1_encoded_public_key */
1018 if (!TEST_int_gt(EVP_PKEY_get1_encoded_public_key(params_and_pub
, &encoded
), 0))
1020 OPENSSL_free(encoded
);
1022 if (!TEST_int_eq(EVP_PKEY_get1_encoded_public_key(just_params
, &encoded
), 0)) {
1023 OPENSSL_free(encoded
);
1028 /* Positive and negative testcase for EVP_PKEY_get_octet_string_param */
1029 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub
,
1030 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY
,
1031 buffer
, sizeof(buffer
), &len
), 1)
1032 || !TEST_int_eq(len
, 65))
1036 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub
,
1037 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY
,
1039 || !TEST_int_eq(len
, 65))
1042 /* too-short buffer len*/
1043 if (!TEST_int_eq(EVP_PKEY_get_octet_string_param(params_and_pub
,
1044 OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY
,
1045 buffer
, 10, &len
), 0))
1050 OSSL_PARAM_free(params
);
1051 OSSL_PARAM_BLD_free(bld
);
1052 EVP_PKEY_free(just_params
);
1053 EVP_PKEY_free(params_and_priv
);
1054 EVP_PKEY_free(params_and_pub
);
1055 EVP_PKEY_free(params_and_keypair
);
1061 /* Also test that we can read the EC PUB affine coordinates */
1062 static int test_evp_get_ec_pub(void)
1064 OSSL_PARAM_BLD
*bld
= NULL
;
1065 OSSL_PARAM
*params
= NULL
;
1066 unsigned char *pad
= NULL
;
1067 EVP_PKEY
*keypair
= NULL
;
1068 BIGNUM
*priv
= NULL
;
1073 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1076 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
1077 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
1078 OSSL_PKEY_PARAM_GROUP_NAME
,
1080 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
1081 OSSL_PKEY_PARAM_PUB_KEY
,
1082 ec_pub
, sizeof(ec_pub
)))
1083 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
1087 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
1088 || !TEST_ptr(keypair
= make_key_fromdata("EC", params
)))
1091 if (!test_selection(keypair
, EVP_PKEY_KEYPAIR
))
1094 if (!EVP_PKEY_get_bn_param(keypair
, OSSL_PKEY_PARAM_EC_PUB_X
, &x
)
1095 || !EVP_PKEY_get_bn_param(keypair
, OSSL_PKEY_PARAM_EC_PUB_Y
, &y
))
1098 if (!TEST_ptr(pad
= OPENSSL_zalloc(sizeof(ec_pub
))))
1102 BN_bn2bin(x
, &pad
[1]);
1103 BN_bn2bin(y
, &pad
[33]);
1104 if (!TEST_true(memcmp(ec_pub
, pad
, sizeof(ec_pub
)) == 0))
1110 OSSL_PARAM_free(params
);
1111 OSSL_PARAM_BLD_free(bld
);
1112 EVP_PKEY_free(keypair
);
1120 /* Test that using a legacy EC key with only a private key in it works */
1121 # ifndef OPENSSL_NO_DEPRECATED_3_0
1122 static int test_EC_priv_only_legacy(void)
1124 BIGNUM
*priv
= NULL
;
1126 EC_KEY
*eckey
= NULL
;
1127 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
1128 EVP_MD_CTX
*ctx
= NULL
;
1130 /* Create the low level EC_KEY */
1131 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1134 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
1135 if (!TEST_ptr(eckey
))
1138 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
1141 pkey
= EVP_PKEY_new();
1142 if (!TEST_ptr(pkey
))
1145 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1149 while (dup_pk
== NULL
) {
1151 ctx
= EVP_MD_CTX_new();
1156 * The EVP_DigestSignInit function should create the key on the
1157 * provider side which is sufficient for this test.
1159 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
1160 testpropq
, pkey
, NULL
)))
1162 EVP_MD_CTX_free(ctx
);
1165 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
1167 /* EVP_PKEY_eq() returns -2 with missing public keys */
1168 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1169 EVP_PKEY_free(pkey
);
1176 EVP_MD_CTX_free(ctx
);
1177 EVP_PKEY_free(pkey
);
1184 static int test_evp_get_ec_pub_legacy(void)
1186 OSSL_LIB_CTX
*libctx
= NULL
;
1187 unsigned char *pad
= NULL
;
1188 EVP_PKEY
*pkey
= NULL
;
1189 EC_KEY
*eckey
= NULL
;
1190 BIGNUM
*priv
= NULL
;
1195 if (!TEST_ptr(libctx
= OSSL_LIB_CTX_new()))
1198 /* Create the legacy key */
1199 if (!TEST_ptr(eckey
= EC_KEY_new_by_curve_name_ex(libctx
, NULL
,
1200 NID_X9_62_prime256v1
)))
1203 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1206 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
1209 if (!TEST_ptr(x
= BN_bin2bn(&ec_pub
[1], 32, NULL
)))
1212 if (!TEST_ptr(y
= BN_bin2bn(&ec_pub
[33], 32, NULL
)))
1215 if (!TEST_true(EC_KEY_set_public_key_affine_coordinates(eckey
, x
, y
)))
1218 if (!TEST_ptr(pkey
= EVP_PKEY_new()))
1221 /* Transfer the legacy key */
1222 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1226 if (!TEST_true(EVP_PKEY_get_bn_param(pkey
, OSSL_PKEY_PARAM_EC_PUB_X
, &x
))
1227 || !TEST_true(EVP_PKEY_get_bn_param(pkey
, OSSL_PKEY_PARAM_EC_PUB_Y
, &y
)))
1230 if (!TEST_ptr(pad
= OPENSSL_zalloc(sizeof(ec_pub
))))
1234 BN_bn2bin(x
, &pad
[1]);
1235 BN_bn2bin(y
, &pad
[33]);
1237 if (!TEST_true(memcmp(ec_pub
, pad
, sizeof(ec_pub
)) == 0))
1243 OSSL_LIB_CTX_free(libctx
);
1244 EVP_PKEY_free(pkey
);
1253 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1254 #endif /* OPENSSL_NO_EC */
1256 static int test_EVP_PKEY_sign(int tst
)
1259 EVP_PKEY
*pkey
= NULL
;
1260 unsigned char *sig
= NULL
;
1261 size_t sig_len
= 0, shortsig_len
= 1;
1262 EVP_PKEY_CTX
*ctx
= NULL
;
1263 unsigned char tbs
[] = {
1264 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1265 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1269 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1271 } else if (tst
== 1) {
1272 #ifndef OPENSSL_NO_DSA
1273 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1280 #ifndef OPENSSL_NO_EC
1281 if (!TEST_ptr(pkey
= load_example_ec_key()))
1289 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1291 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1292 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1295 sig
= OPENSSL_malloc(sig_len
);
1297 /* Test sending a signature buffer that is too short is rejected */
1298 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1300 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1302 /* Test the signature round-trips */
1303 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1304 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1310 EVP_PKEY_CTX_free(ctx
);
1312 EVP_PKEY_free(pkey
);
1316 #ifndef OPENSSL_NO_DEPRECATED_3_0
1317 static int test_EVP_PKEY_sign_with_app_method(int tst
)
1320 EVP_PKEY
*pkey
= NULL
;
1322 RSA_METHOD
*rsa_meth
= NULL
;
1323 #ifndef OPENSSL_NO_DSA
1325 DSA_METHOD
*dsa_meth
= NULL
;
1327 unsigned char *sig
= NULL
;
1328 size_t sig_len
= 0, shortsig_len
= 1;
1329 EVP_PKEY_CTX
*ctx
= NULL
;
1330 unsigned char tbs
[] = {
1331 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1332 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1336 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1338 if (!TEST_ptr(rsa_meth
= RSA_meth_dup(RSA_get_default_method())))
1341 if (!TEST_ptr(rsa
= EVP_PKEY_get1_RSA(pkey
))
1342 || !TEST_int_gt(RSA_set_method(rsa
, rsa_meth
), 0)
1343 || !TEST_int_gt(EVP_PKEY_assign_RSA(pkey
, rsa
), 0))
1345 rsa
= NULL
; /* now owned by the pkey */
1347 #ifndef OPENSSL_NO_DSA
1348 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1350 if (!TEST_ptr(dsa_meth
= DSA_meth_dup(DSA_get_default_method())))
1353 if (!TEST_ptr(dsa
= EVP_PKEY_get1_DSA(pkey
))
1354 || !TEST_int_gt(DSA_set_method(dsa
, dsa_meth
), 0)
1355 || !TEST_int_gt(EVP_PKEY_assign_DSA(pkey
, dsa
), 0))
1357 dsa
= NULL
; /* now owned by the pkey */
1364 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1366 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1367 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1370 sig
= OPENSSL_malloc(sig_len
);
1372 /* Test sending a signature buffer that is too short is rejected */
1373 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1375 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1377 /* Test the signature round-trips */
1378 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1379 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1385 EVP_PKEY_CTX_free(ctx
);
1387 EVP_PKEY_free(pkey
);
1389 RSA_meth_free(rsa_meth
);
1390 #ifndef OPENSSL_NO_DSA
1392 DSA_meth_free(dsa_meth
);
1396 #endif /* !OPENSSL_NO_DEPRECATED_3_0 */
1399 * n = 0 => test using legacy cipher
1400 * n = 1 => test using fetched cipher
1402 static int test_EVP_Enveloped(int n
)
1405 EVP_CIPHER_CTX
*ctx
= NULL
;
1406 EVP_PKEY
*keypair
= NULL
;
1407 unsigned char *kek
= NULL
;
1408 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1409 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1410 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1411 unsigned char ciphertext
[32], plaintext
[16];
1412 EVP_CIPHER
*type
= NULL
;
1414 if (nullprov
!= NULL
)
1415 return TEST_skip("Test does not support a non-default library context");
1418 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1419 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1423 if (!TEST_ptr(keypair
= load_example_rsa_key())
1424 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1425 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1426 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1428 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1430 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1434 ciphertext_len
+= len
;
1436 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1437 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1438 ciphertext
, ciphertext_len
))
1439 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1442 plaintext_len
+= len
;
1443 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1449 EVP_CIPHER_free(type
);
1451 EVP_PKEY_free(keypair
);
1452 EVP_CIPHER_CTX_free(ctx
);
1457 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1458 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1459 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1460 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1461 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1462 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1463 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1464 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1465 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1466 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1467 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1468 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1469 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1470 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1471 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1472 * Test 15-29: Same as above with reinitialization
1474 static int test_EVP_DigestSignInit(int tst
)
1477 EVP_PKEY
*pkey
= NULL
;
1478 unsigned char *sig
= NULL
, *sig2
= NULL
;
1479 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1480 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1481 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1482 BIO
*mdbio
= NULL
, *membio
= NULL
;
1485 EVP_MD
*mdexp
= NULL
;
1488 if (nullprov
!= NULL
)
1489 return TEST_skip("Test does not support a non-default library context");
1496 if (tst
>= 6 && tst
<= 8) {
1497 membio
= BIO_new(BIO_s_mem());
1498 mdbio
= BIO_new(BIO_f_md());
1499 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1501 BIO_push(mdbio
, membio
);
1502 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1505 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1506 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1511 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1513 } else if (tst
% 3 == 1) {
1514 #ifndef OPENSSL_NO_DSA
1515 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1522 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1526 if (tst
>= 3 && tst
<= 5)
1527 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1531 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1534 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1537 if (tst
>= 6 && tst
<= 8) {
1538 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1540 } else if (tst
< 6) {
1541 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1546 /* Determine the size of the signature. */
1547 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1549 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1552 /* Test that supply a short sig buffer fails */
1553 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1557 * We end here because once EVP_DigestSign() has failed you should
1558 * not call it again without re-initing the ctx
1563 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1567 /* Determine the size of the signature. */
1568 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1569 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1571 * Trying to create a signature with a deliberately short
1572 * buffer should fail.
1574 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1575 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1580 * Ensure that the signature round-trips (Verification isn't supported for
1581 * HMAC via EVP_DigestVerify*)
1584 if (tst
>= 6 && tst
<= 8) {
1585 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1586 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1590 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1594 if (tst
>= 6 && tst
<= 8) {
1595 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1598 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1602 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1605 /* Multiple calls to EVP_DigestVerifyFinal should work */
1606 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1610 * For HMAC a doubled call to DigestSignFinal should produce the same
1611 * value as finalization should not happen.
1613 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1614 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1615 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1618 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1627 EVP_MD_CTX_free(a_md_ctx
);
1628 EVP_MD_CTX_free(a_md_ctx_verify
);
1629 EVP_PKEY_free(pkey
);
1637 static int test_EVP_DigestVerifyInit(void)
1640 EVP_PKEY
*pkey
= NULL
;
1641 EVP_MD_CTX
*md_ctx
= NULL
;
1643 if (nullprov
!= NULL
)
1644 return TEST_skip("Test does not support a non-default library context");
1646 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1647 || !TEST_ptr(pkey
= load_example_rsa_key()))
1650 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1651 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1652 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1653 sizeof(kSignature
)), 0))
1656 /* test with reinitialization */
1657 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1658 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1659 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1660 sizeof(kSignature
)), 0))
1665 EVP_MD_CTX_free(md_ctx
);
1666 EVP_PKEY_free(pkey
);
1670 #ifndef OPENSSL_NO_SIPHASH
1671 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1672 static int test_siphash_digestsign(void)
1674 unsigned char key
[16];
1675 unsigned char buf
[8], digest
[8];
1676 unsigned char expected
[8] = {
1677 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1679 EVP_PKEY
*pkey
= NULL
;
1680 EVP_MD_CTX
*mdctx
= NULL
;
1681 EVP_PKEY_CTX
*ctx
= NULL
;
1685 if (nullprov
!= NULL
)
1686 return TEST_skip("Test does not support a non-default library context");
1690 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1694 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1697 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1699 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1700 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1704 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1706 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1708 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1710 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1715 EVP_PKEY_free(pkey
);
1716 EVP_MD_CTX_free(mdctx
);
1722 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1724 static int test_EVP_Digest(void)
1727 EVP_MD_CTX
*md_ctx
= NULL
;
1728 unsigned char md
[EVP_MAX_MD_SIZE
];
1729 EVP_MD
*sha256
= NULL
;
1730 EVP_MD
*shake256
= NULL
;
1732 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1735 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1736 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1739 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1740 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1741 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1742 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1743 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1746 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1747 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1748 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1749 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1750 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1752 * EVP_DigestInit_ex with NULL type should work on
1753 * pre-initialized context.
1755 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1758 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1759 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1760 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1761 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1762 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1763 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1768 EVP_MD_CTX_free(md_ctx
);
1769 EVP_MD_free(sha256
);
1770 EVP_MD_free(shake256
);
1774 static int test_EVP_md_null(void)
1777 EVP_MD_CTX
*md_ctx
= NULL
;
1778 const EVP_MD
*md_null
= EVP_md_null();
1779 unsigned char md_value
[EVP_MAX_MD_SIZE
];
1780 unsigned int md_len
= sizeof(md_value
);
1782 if (nullprov
!= NULL
)
1783 return TEST_skip("Test does not support a non-default library context");
1785 if (!TEST_ptr(md_null
)
1786 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1789 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, md_null
, NULL
))
1790 || !TEST_true(EVP_DigestUpdate(md_ctx
, "test", 4))
1791 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md_value
, &md_len
)))
1794 if (!TEST_uint_eq(md_len
, 0))
1799 EVP_MD_CTX_free(md_ctx
);
1803 static int test_d2i_AutoPrivateKey(int i
)
1806 const unsigned char *p
;
1807 EVP_PKEY
*pkey
= NULL
;
1808 const APK_DATA
*ak
= &keydata
[i
];
1809 const unsigned char *input
= ak
->kder
;
1810 size_t input_len
= ak
->size
;
1811 int expected_id
= ak
->evptype
;
1814 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1815 || !TEST_ptr_eq(p
, input
+ input_len
)
1816 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1822 EVP_PKEY_free(pkey
);
1826 #ifndef OPENSSL_NO_EC
1828 static const unsigned char ec_public_sect163k1_validxy
[] = {
1829 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1830 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1831 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1832 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1833 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1834 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1837 static const unsigned char ec_public_sect163k1_badx
[] = {
1838 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1839 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1840 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1841 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1842 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1843 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1846 static const unsigned char ec_public_sect163k1_bady
[] = {
1847 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1848 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1849 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1850 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1851 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1852 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1855 static struct ec_der_pub_keys_st
{
1856 const unsigned char *der
;
1859 } ec_der_pub_keys
[] = {
1860 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1861 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1862 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1866 * Tests the range of the decoded EC char2 public point.
1867 * See ec_GF2m_simple_oct2point().
1869 static int test_invalide_ec_char2_pub_range_decode(int id
)
1874 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1875 ec_der_pub_keys
[id
].len
);
1877 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1878 || TEST_ptr_null(pkey
);
1879 EVP_PKEY_free(pkey
);
1883 /* Tests loading a bad key in PKCS8 format */
1884 static int test_EVP_PKCS82PKEY(void)
1887 const unsigned char *derp
= kExampleBadECKeyDER
;
1888 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1889 EVP_PKEY
*pkey
= NULL
;
1891 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1892 sizeof(kExampleBadECKeyDER
))))
1895 if (!TEST_ptr_eq(derp
,
1896 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1899 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1905 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1906 EVP_PKEY_free(pkey
);
1912 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1914 EVP_PKEY
*pkey
= NULL
;
1915 EVP_PKEY
*pkey2
= NULL
;
1917 char *membuf
= NULL
;
1918 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1921 if (testctx
!= NULL
)
1922 /* test not supported with non-default context */
1925 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1926 || !TEST_ptr(pkey
= load_example_rsa_key())
1927 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1928 NULL
, 0, NULL
, NULL
),
1930 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1931 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1932 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1933 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1939 EVP_PKEY_free(pkey
);
1940 EVP_PKEY_free(pkey2
);
1941 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1942 BIO_free_all(membio
);
1946 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1947 static int test_privatekey_to_pkcs8(void)
1949 EVP_PKEY
*pkey
= NULL
;
1951 char *membuf
= NULL
;
1952 long membuf_len
= 0;
1955 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1956 || !TEST_ptr(pkey
= load_example_rsa_key())
1957 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1958 NULL
, 0, NULL
, NULL
),
1960 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1961 || !TEST_ptr(membuf
)
1962 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1963 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1965 * We try to write PEM as well, just to see that it doesn't err, but
1966 * assume that the result is correct.
1968 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1969 NULL
, 0, NULL
, NULL
),
1975 EVP_PKEY_free(pkey
);
1976 BIO_free_all(membio
);
1980 #ifndef OPENSSL_NO_EC
1981 static const struct {
1983 const char *encoding_name
;
1984 } ec_encodings
[] = {
1985 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1986 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1989 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1991 const OSSL_PARAM
*p
;
1992 const char *enc_name
= NULL
;
1998 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1999 OSSL_PKEY_PARAM_EC_ENCODING
))
2000 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
2003 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
2004 if (OPENSSL_strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
2005 *enc
= ec_encodings
[i
].encoding
;
2010 return (*enc
!= -1);
2013 static int test_EC_keygen_with_enc(int idx
)
2015 EVP_PKEY
*params
= NULL
, *key
= NULL
;
2016 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
2020 enc
= ec_encodings
[idx
].encoding
;
2022 /* Create key parameters */
2023 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
2024 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
2025 || !TEST_int_gt(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"), 0)
2026 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
), 0)
2027 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
2028 || !TEST_ptr(params
))
2032 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
2033 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2034 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
2038 /* Check that the encoding got all the way into the key */
2039 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
2040 ec_export_get_encoding_cb
, &enc
))
2041 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
2047 EVP_PKEY_free(params
);
2048 EVP_PKEY_CTX_free(kctx
);
2049 EVP_PKEY_CTX_free(pctx
);
2054 #if !defined(OPENSSL_NO_SM2)
2056 static int test_EVP_SM2_verify(void)
2058 const char *pubkey
=
2059 "-----BEGIN PUBLIC KEY-----\n"
2060 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
2061 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
2062 "-----END PUBLIC KEY-----\n";
2064 const char *msg
= "message digest";
2065 const char *id
= "ALICE123@YAHOO.COM";
2067 const uint8_t signature
[] = {
2068 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
2069 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
2070 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
2071 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
2072 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
2073 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
2074 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
2079 EVP_PKEY
*pkey
= NULL
;
2080 EVP_MD_CTX
*mctx
= NULL
;
2081 EVP_PKEY_CTX
*pctx
= NULL
;
2084 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
2085 if (!TEST_true(bio
!= NULL
))
2088 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
2089 if (!TEST_true(pkey
!= NULL
))
2092 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
2095 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
2098 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2101 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
2103 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
2106 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
2109 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
2112 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
2115 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
)), 0))
2121 EVP_PKEY_free(pkey
);
2122 EVP_PKEY_CTX_free(pctx
);
2123 EVP_MD_CTX_free(mctx
);
2128 static int test_EVP_SM2(void)
2131 EVP_PKEY
*pkey
= NULL
;
2132 EVP_PKEY
*pkeyparams
= NULL
;
2133 EVP_PKEY_CTX
*pctx
= NULL
;
2134 EVP_PKEY_CTX
*kctx
= NULL
;
2135 EVP_PKEY_CTX
*sctx
= NULL
;
2137 unsigned char *sig
= NULL
;
2138 EVP_MD_CTX
*md_ctx
= NULL
;
2139 EVP_MD_CTX
*md_ctx_verify
= NULL
;
2140 EVP_PKEY_CTX
*cctx
= NULL
;
2141 EVP_MD
*check_md
= NULL
;
2143 uint8_t ciphertext
[128];
2144 size_t ctext_len
= sizeof(ciphertext
);
2146 uint8_t plaintext
[8];
2147 size_t ptext_len
= sizeof(plaintext
);
2149 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
2151 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
2152 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
2154 char mdname
[OSSL_MAX_NAME_SIZE
];
2156 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
2160 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
2163 if (!TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
), 0))
2166 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
2169 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
2170 pkeyparams
, testpropq
)))
2173 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0))
2176 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
2179 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
2182 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
2185 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2188 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
2189 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
2191 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
2194 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
2197 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
2200 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
2203 /* Determine the size of the signature. */
2204 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
2207 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
2210 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
2213 /* Ensure that the signature round-trips. */
2215 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
2219 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
2222 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
2225 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
2229 * Try verify again with non-matching 0 length id but ensure that it can
2230 * be set on the context and overrides the previous value.
2233 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
2237 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, NULL
, 0), 0))
2240 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
2243 if (!TEST_int_eq(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
2246 /* now check encryption/decryption */
2248 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
2249 mdname
, sizeof(mdname
));
2250 for (i
= 0; i
< 2; i
++) {
2251 const char *mdnames
[] = {
2252 #ifndef OPENSSL_NO_SM3
2258 EVP_PKEY_CTX_free(cctx
);
2260 if (mdnames
[i
] == NULL
)
2264 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
2265 (char *)mdnames
[i
], 0);
2267 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
2271 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
2274 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2277 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
2281 if (!TEST_int_gt(EVP_PKEY_decrypt_init(cctx
), 0))
2284 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
2287 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
2291 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
2295 * Test we're still using the digest we think we are.
2296 * Because of aliases, the easiest is to fetch the digest and
2297 * check the name with EVP_MD_is_a().
2299 EVP_MD_free(check_md
);
2300 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
2302 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
2303 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
2307 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
2310 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
2316 EVP_PKEY_CTX_free(pctx
);
2317 EVP_PKEY_CTX_free(kctx
);
2318 EVP_PKEY_CTX_free(sctx
);
2319 EVP_PKEY_CTX_free(cctx
);
2320 EVP_PKEY_free(pkey
);
2321 EVP_PKEY_free(pkeyparams
);
2322 EVP_MD_CTX_free(md_ctx
);
2323 EVP_MD_CTX_free(md_ctx_verify
);
2324 EVP_MD_free(check_md
);
2331 static struct keys_st
{
2337 EVP_PKEY_HMAC
, "0123456789", NULL
2340 EVP_PKEY_HMAC
, "", NULL
2341 #ifndef OPENSSL_NO_POLY1305
2343 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
2345 #ifndef OPENSSL_NO_SIPHASH
2347 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
2350 #ifndef OPENSSL_NO_ECX
2352 EVP_PKEY_X25519
, "01234567890123456789012345678901",
2353 "abcdefghijklmnopqrstuvwxyzabcdef"
2355 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
2356 "abcdefghijklmnopqrstuvwxyzabcdef"
2359 "01234567890123456789012345678901234567890123456789012345",
2360 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2363 "012345678901234567890123456789012345678901234567890123456",
2364 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2369 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
2372 unsigned char buf
[80];
2374 size_t inlen
, len
= 0, shortlen
= 1;
2377 /* Check if this algorithm supports public keys */
2378 if (pub
&& keys
[tst
].pub
== NULL
)
2381 memset(buf
, 0, sizeof(buf
));
2384 #ifndef OPENSSL_NO_EC
2385 inlen
= strlen(keys
[tst
].pub
);
2386 in
= (unsigned char *)keys
[tst
].pub
;
2388 pkey
= EVP_PKEY_new_raw_public_key_ex(
2390 OBJ_nid2sn(keys
[tst
].type
),
2395 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2404 inlen
= strlen(keys
[tst
].priv
);
2405 in
= (unsigned char *)keys
[tst
].priv
;
2407 pkey
= EVP_PKEY_new_raw_private_key_ex(
2408 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2413 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2421 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2422 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2423 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2424 || !TEST_true(len
== inlen
))
2428 * Test that supplying a buffer that is too small fails. Doesn't apply
2429 * to HMAC with a zero length key
2431 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2433 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2437 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2438 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2439 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2444 EVP_PKEY_free(pkey
);
2448 static int test_set_get_raw_keys(int tst
)
2450 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2451 && test_set_get_raw_keys_int(tst
, 0, 1)
2452 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2453 && test_set_get_raw_keys_int(tst
, 1, 1);
2456 #ifndef OPENSSL_NO_DEPRECATED_3_0
2457 static int pkey_custom_check(EVP_PKEY
*pkey
)
2462 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2467 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2472 static EVP_PKEY_METHOD
*custom_pmeth
;
2475 static int test_EVP_PKEY_check(int i
)
2478 EVP_PKEY
*pkey
= NULL
;
2479 EVP_PKEY_CTX
*ctx
= NULL
;
2480 #ifndef OPENSSL_NO_DEPRECATED_3_0
2481 EVP_PKEY_CTX
*ctx2
= NULL
;
2483 const APK_DATA
*ak
= &keycheckdata
[i
];
2484 const unsigned char *input
= ak
->kder
;
2485 size_t input_len
= ak
->size
;
2486 int expected_id
= ak
->evptype
;
2487 int expected_check
= ak
->check
;
2488 int expected_pub_check
= ak
->pub_check
;
2489 int expected_param_check
= ak
->param_check
;
2490 int type
= ak
->type
;
2492 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2495 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2498 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2501 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2504 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2507 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2510 #ifndef OPENSSL_NO_DEPRECATED_3_0
2511 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2512 /* assign the pkey directly, as an internal test */
2513 EVP_PKEY_up_ref(pkey
);
2516 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2519 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2522 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2529 EVP_PKEY_CTX_free(ctx
);
2530 #ifndef OPENSSL_NO_DEPRECATED_3_0
2531 EVP_PKEY_CTX_free(ctx2
);
2533 EVP_PKEY_free(pkey
);
2537 #ifndef OPENSSL_NO_CMAC
2538 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2540 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2541 const char msg
[] = "Hello World";
2542 size_t maclen
= AES_BLOCK_SIZE
;
2545 if (!TEST_ptr(mdctx
)
2546 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2547 testpropq
, pkey
, NULL
))
2548 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2549 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2550 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2553 EVP_MD_CTX_free(mdctx
);
2557 static int test_CMAC_keygen(void)
2559 static unsigned char key
[] = {
2560 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2561 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2562 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2564 EVP_PKEY_CTX
*kctx
= NULL
;
2566 EVP_PKEY
*pkey
= NULL
;
2567 unsigned char mac
[AES_BLOCK_SIZE
];
2568 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2569 unsigned char mac2
[AES_BLOCK_SIZE
];
2572 if (nullprov
!= NULL
)
2573 return TEST_skip("Test does not support a non-default library context");
2576 * This is a legacy method for CMACs, but should still work.
2577 * This verifies that it works without an ENGINE.
2579 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2581 /* Test a CMAC key created using the "generated" method */
2582 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2583 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2584 EVP_PKEY_CTRL_CIPHER
,
2585 0, (void *)EVP_aes_256_cbc()), 0)
2586 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2587 EVP_PKEY_CTRL_SET_MAC_KEY
,
2588 sizeof(key
), (void *)key
), 0)
2589 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2591 || !TEST_true(get_cmac_val(pkey
, mac
)))
2594 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2595 EVP_PKEY_free(pkey
);
2598 * Test a CMAC key using the direct method, and compare with the mac
2601 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_cbc());
2603 || !TEST_true(get_cmac_val(pkey
, mac2
))
2604 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2611 EVP_PKEY_free(pkey
);
2612 EVP_PKEY_CTX_free(kctx
);
2617 static int test_HKDF(void)
2620 unsigned char out
[20];
2623 unsigned char salt
[] = "0123456789";
2624 unsigned char key
[] = "012345678901234567890123456789";
2625 unsigned char info
[] = "infostring";
2626 const unsigned char expected
[] = {
2627 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2628 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2630 size_t expectedlen
= sizeof(expected
);
2632 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2635 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2636 for (i
= 0; i
< 2; i
++) {
2637 outlen
= sizeof(out
);
2638 memset(out
, 0, outlen
);
2640 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2641 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2642 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2643 sizeof(salt
) - 1), 0)
2644 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2645 sizeof(key
) - 1), 0)
2646 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2647 sizeof(info
) - 1), 0)
2648 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2649 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2656 EVP_PKEY_CTX_free(pctx
);
2661 static int test_emptyikm_HKDF(void)
2664 unsigned char out
[20];
2667 unsigned char salt
[] = "9876543210";
2668 unsigned char key
[] = "";
2669 unsigned char info
[] = "stringinfo";
2670 const unsigned char expected
[] = {
2671 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2672 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2674 size_t expectedlen
= sizeof(expected
);
2676 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2679 outlen
= sizeof(out
);
2680 memset(out
, 0, outlen
);
2682 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2683 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2684 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2685 sizeof(salt
) - 1), 0)
2686 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2687 sizeof(key
) - 1), 0)
2688 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2689 sizeof(info
) - 1), 0)
2690 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2691 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2697 EVP_PKEY_CTX_free(pctx
);
2702 #ifndef OPENSSL_NO_EC
2703 static int test_X509_PUBKEY_inplace(void)
2706 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2707 const unsigned char *p
= kExampleECPubKeyDER
;
2708 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2712 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2715 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2718 p
= kExampleBadECPubKeyDER
;
2719 input_len
= sizeof(kExampleBadECPubKeyDER
);
2721 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2724 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2730 X509_PUBKEY_free(xp
);
2734 static int test_X509_PUBKEY_dup(void)
2737 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2738 const unsigned char *p
= kExampleECPubKeyDER
;
2739 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2741 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2743 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2744 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2745 || !TEST_ptr_ne(xp
, xq
))
2748 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2749 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2750 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2753 X509_PUBKEY_free(xq
);
2755 p
= kExampleBadECPubKeyDER
;
2756 input_len
= sizeof(kExampleBadECPubKeyDER
);
2758 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2759 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2762 X509_PUBKEY_free(xp
);
2764 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2770 X509_PUBKEY_free(xp
);
2771 X509_PUBKEY_free(xq
);
2774 #endif /* OPENSSL_NO_EC */
2776 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2777 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2779 EVP_MD_CTX
*mdctx
= NULL
;
2780 EVP_PKEY_CTX
*ctx
= NULL
;
2781 const OSSL_PARAM
*params
;
2782 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2785 char mdname
[OSSL_MAX_NAME_SIZE
];
2788 /* Initialise a sign operation */
2789 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2791 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2795 * We should be able to query the parameters now.
2797 params
= EVP_PKEY_CTX_settable_params(ctx
);
2798 if (!TEST_ptr(params
)
2799 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2800 OSSL_SIGNATURE_PARAM_DIGEST
)))
2803 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2804 if (!TEST_ptr(params
)
2805 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2806 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2807 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2808 OSSL_SIGNATURE_PARAM_DIGEST
)))
2812 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2813 * EVP_PKEY_CTX_get_params()
2815 strcpy(mdname
, "SHA512");
2817 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2819 *param
++ = OSSL_PARAM_construct_end();
2821 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2825 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2826 mdname
, sizeof(mdname
));
2827 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2828 || !TEST_str_eq(mdname
, "SHA512"))
2832 * Test the TEST_PKEY_CTX_set_signature_md() and
2833 * TEST_PKEY_CTX_get_signature_md() functions
2835 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2836 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2837 || !TEST_ptr_eq(md
, EVP_sha256()))
2841 * Test getting MD parameters via an associated EVP_PKEY_CTX
2843 mdctx
= EVP_MD_CTX_new();
2844 if (!TEST_ptr(mdctx
)
2845 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2850 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2851 * able to obtain the digest's settable parameters from the provider.
2853 params
= EVP_MD_CTX_settable_params(mdctx
);
2854 if (!TEST_ptr(params
)
2855 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2856 /* The final key should be NULL */
2857 || !TEST_ptr_null(params
[1].key
))
2861 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2862 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2863 ssl3ms
, sizeof(ssl3ms
));
2864 *param
++ = OSSL_PARAM_construct_end();
2866 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2872 EVP_MD_CTX_free(mdctx
);
2873 EVP_PKEY_CTX_free(ctx
);
2878 #ifndef OPENSSL_NO_DSA
2879 static int test_DSA_get_set_params(void)
2881 OSSL_PARAM_BLD
*bld
= NULL
;
2882 OSSL_PARAM
*params
= NULL
;
2883 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2884 EVP_PKEY_CTX
*pctx
= NULL
;
2885 EVP_PKEY
*pkey
= NULL
;
2889 * Setup the parameters for our DSA object. For our purposes they don't
2890 * have to actually be *valid* parameters. We just need to set something.
2892 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2893 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2894 || !TEST_ptr(p
= BN_new())
2895 || !TEST_ptr(q
= BN_new())
2896 || !TEST_ptr(g
= BN_new())
2897 || !TEST_ptr(pub
= BN_new())
2898 || !TEST_ptr(priv
= BN_new()))
2900 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2901 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2902 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2903 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2905 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2908 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2911 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2912 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2916 if (!TEST_ptr(pkey
))
2919 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2922 EVP_PKEY_free(pkey
);
2923 EVP_PKEY_CTX_free(pctx
);
2924 OSSL_PARAM_free(params
);
2925 OSSL_PARAM_BLD_free(bld
);
2936 * Test combinations of private, public, missing and private + public key
2937 * params to ensure they are all accepted
2939 static int test_DSA_priv_pub(void)
2941 return test_EVP_PKEY_ffc_priv_pub("DSA");
2944 #endif /* !OPENSSL_NO_DSA */
2946 static int test_RSA_get_set_params(void)
2948 OSSL_PARAM_BLD
*bld
= NULL
;
2949 OSSL_PARAM
*params
= NULL
;
2950 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2951 EVP_PKEY_CTX
*pctx
= NULL
;
2952 EVP_PKEY
*pkey
= NULL
;
2956 * Setup the parameters for our RSA object. For our purposes they don't
2957 * have to actually be *valid* parameters. We just need to set something.
2959 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2960 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2961 || !TEST_ptr(n
= BN_new())
2962 || !TEST_ptr(e
= BN_new())
2963 || !TEST_ptr(d
= BN_new()))
2965 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2966 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2967 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2969 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2972 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2973 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2977 if (!TEST_ptr(pkey
))
2980 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2983 EVP_PKEY_free(pkey
);
2984 EVP_PKEY_CTX_free(pctx
);
2985 OSSL_PARAM_free(params
);
2986 OSSL_PARAM_BLD_free(bld
);
2994 static int test_RSA_OAEP_set_get_params(void)
2997 EVP_PKEY
*key
= NULL
;
2998 EVP_PKEY_CTX
*key_ctx
= NULL
;
3000 if (nullprov
!= NULL
)
3001 return TEST_skip("Test does not support a non-default library context");
3003 if (!TEST_ptr(key
= load_example_rsa_key())
3004 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(0, key
, 0)))
3008 int padding
= RSA_PKCS1_OAEP_PADDING
;
3009 OSSL_PARAM params
[4];
3011 params
[0] = OSSL_PARAM_construct_int(OSSL_SIGNATURE_PARAM_PAD_MODE
, &padding
);
3012 params
[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST
,
3013 OSSL_DIGEST_NAME_SHA2_256
, 0);
3014 params
[2] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST
,
3015 OSSL_DIGEST_NAME_SHA1
, 0);
3016 params
[3] = OSSL_PARAM_construct_end();
3018 if (!TEST_int_gt(EVP_PKEY_encrypt_init_ex(key_ctx
, params
),0))
3022 OSSL_PARAM params
[3];
3023 char oaepmd
[30] = { '\0' };
3024 char mgf1md
[30] = { '\0' };
3026 params
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST
,
3027 oaepmd
, sizeof(oaepmd
));
3028 params
[1] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST
,
3029 mgf1md
, sizeof(mgf1md
));
3030 params
[2] = OSSL_PARAM_construct_end();
3032 if (!TEST_true(EVP_PKEY_CTX_get_params(key_ctx
, params
)))
3035 if (!TEST_str_eq(oaepmd
, OSSL_DIGEST_NAME_SHA2_256
)
3036 || !TEST_str_eq(mgf1md
, OSSL_DIGEST_NAME_SHA1
))
3044 EVP_PKEY_CTX_free(key_ctx
);
3049 /* https://github.com/openssl/openssl/issues/21288 */
3050 static int test_RSA_OAEP_set_null_label(void)
3053 EVP_PKEY
*key
= NULL
;
3054 EVP_PKEY_CTX
*key_ctx
= NULL
;
3056 if (!TEST_ptr(key
= load_example_rsa_key())
3057 || !TEST_ptr(key_ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, key
, NULL
))
3058 || !TEST_true(EVP_PKEY_encrypt_init(key_ctx
)))
3061 if (!TEST_true(EVP_PKEY_CTX_set_rsa_padding(key_ctx
, RSA_PKCS1_OAEP_PADDING
)))
3064 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx
, OPENSSL_strdup("foo"), 0)))
3067 if (!TEST_true(EVP_PKEY_CTX_set0_rsa_oaep_label(key_ctx
, NULL
, 0)))
3074 EVP_PKEY_CTX_free(key_ctx
);
3079 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
3080 static int test_decrypt_null_chunks(void)
3082 EVP_CIPHER_CTX
* ctx
= NULL
;
3083 EVP_CIPHER
*cipher
= NULL
;
3084 const unsigned char key
[32] = {
3085 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
3086 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
3087 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
3089 unsigned char iv
[12] = {
3090 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
3092 unsigned char msg
[] = "It was the best of times, it was the worst of times";
3093 unsigned char ciphertext
[80];
3094 unsigned char plaintext
[80];
3095 /* We initialise tmp to a non zero value on purpose */
3096 int ctlen
, ptlen
, tmp
= 99;
3098 const int enc_offset
= 10, dec_offset
= 20;
3100 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
3101 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
3102 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
3104 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
3106 /* Deliberate add a zero length update */
3107 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
3109 || !TEST_int_eq(tmp
, 0)
3110 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
3112 sizeof(msg
) - enc_offset
))
3113 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
3114 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
3115 || !TEST_int_eq(tmp
, 0))
3118 /* Deliberately initialise tmp to a non zero value */
3120 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
3121 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
3124 * Deliberately add a zero length update. We also deliberately do
3125 * this at a different offset than for encryption.
3127 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
3129 || !TEST_int_eq(tmp
, 0)
3130 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
3131 ciphertext
+ dec_offset
,
3132 ctlen
- dec_offset
))
3133 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
3134 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
3135 || !TEST_int_eq(tmp
, 0)
3136 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
3141 EVP_CIPHER_CTX_free(ctx
);
3142 EVP_CIPHER_free(cipher
);
3145 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
3147 #ifndef OPENSSL_NO_DH
3149 * Test combinations of private, public, missing and private + public key
3150 * params to ensure they are all accepted
3152 static int test_DH_priv_pub(void)
3154 return test_EVP_PKEY_ffc_priv_pub("DH");
3157 # ifndef OPENSSL_NO_DEPRECATED_3_0
3158 static int test_EVP_PKEY_set1_DH(void)
3160 DH
*x942dh
= NULL
, *noqdh
= NULL
;
3161 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
3163 BIGNUM
*p
, *g
= NULL
;
3164 BIGNUM
*pubkey
= NULL
;
3165 unsigned char pub
[2048 / 8];
3168 if (!TEST_ptr(p
= BN_new())
3169 || !TEST_ptr(g
= BN_new())
3170 || !TEST_ptr(pubkey
= BN_new())
3171 || !TEST_true(BN_set_word(p
, 9999))
3172 || !TEST_true(BN_set_word(g
, 2))
3173 || !TEST_true(BN_set_word(pubkey
, 4321))
3174 || !TEST_ptr(noqdh
= DH_new())
3175 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
3176 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
3177 || !TEST_ptr(pubkey
= BN_new())
3178 || !TEST_true(BN_set_word(pubkey
, 4321)))
3182 x942dh
= DH_get_2048_256();
3183 pkey1
= EVP_PKEY_new();
3184 pkey2
= EVP_PKEY_new();
3185 if (!TEST_ptr(x942dh
)
3189 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
3193 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
3194 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
3197 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
3199 || !TEST_ptr(pubkey
))
3202 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
3203 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
3206 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
3207 OSSL_PKEY_PARAM_PUB_KEY
,
3208 pub
, sizeof(pub
), &len
))
3209 || !TEST_size_t_ne(len
, 0))
3217 EVP_PKEY_free(pkey1
);
3218 EVP_PKEY_free(pkey2
);
3224 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
3225 #endif /* !OPENSSL_NO_DH */
3228 * We test what happens with an empty template. For the sake of this test,
3229 * the template must be ignored, and we know that's the case for RSA keys
3230 * (this might arguably be a misfeature, but that's what we currently do,
3231 * even in provider code, since that's how the legacy RSA implementation
3234 static int test_keygen_with_empty_template(int n
)
3236 EVP_PKEY_CTX
*ctx
= NULL
;
3237 EVP_PKEY
*pkey
= NULL
;
3238 EVP_PKEY
*tkey
= NULL
;
3241 if (nullprov
!= NULL
)
3242 return TEST_skip("Test does not support a non-default library context");
3246 /* We do test with no template at all as well */
3247 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
3251 /* Here we create an empty RSA key that serves as our template */
3252 if (!TEST_ptr(tkey
= EVP_PKEY_new())
3253 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
3254 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
3259 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3260 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
3265 EVP_PKEY_CTX_free(ctx
);
3266 EVP_PKEY_free(pkey
);
3267 EVP_PKEY_free(tkey
);
3272 * Test that we fail if we attempt to use an algorithm that is not available
3273 * in the current library context (unless we are using an algorithm that
3274 * should be made available via legacy codepaths).
3279 static int test_pkey_ctx_fail_without_provider(int tst
)
3281 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
3282 OSSL_PROVIDER
*tmpnullprov
= NULL
;
3283 EVP_PKEY_CTX
*pctx
= NULL
;
3284 const char *keytype
= NULL
;
3285 int expect_null
= 0;
3288 if (!TEST_ptr(tmpctx
))
3291 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
3292 if (!TEST_ptr(tmpnullprov
))
3296 * We check for certain algos in the null provider.
3297 * If an algo is expected to have a provider keymgmt, constructing an
3298 * EVP_PKEY_CTX is expected to fail (return NULL).
3299 * Otherwise, if it's expected to have legacy support, constructing an
3300 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
3310 #ifdef OPENSSL_NO_EC
3311 TEST_info("EC disable, skipping SM2 check...");
3314 #ifdef OPENSSL_NO_SM2
3315 TEST_info("SM2 disable, skipping SM2 check...");
3320 TEST_error("No test for case %d", tst
);
3324 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
3325 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
3328 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
3334 EVP_PKEY_CTX_free(pctx
);
3335 OSSL_PROVIDER_unload(tmpnullprov
);
3336 OSSL_LIB_CTX_free(tmpctx
);
3340 static int test_rand_agglomeration(void)
3344 OSSL_PARAM params
[3], *p
= params
;
3346 unsigned int step
= 7;
3347 static unsigned char seed
[] = "It does not matter how slowly you go "
3348 "as long as you do not stop.";
3349 unsigned char out
[sizeof(seed
)];
3351 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
3352 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
3354 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
3355 EVP_RAND_free(rand
);
3359 memset(out
, 0, sizeof(out
));
3360 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
3361 seed
, sizeof(seed
));
3362 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
3363 *p
= OSSL_PARAM_construct_end();
3364 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
3365 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
3366 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
3367 EVP_RAND_CTX_free(ctx
);
3372 * Test that we correctly return the original or "running" IV after
3373 * an encryption operation.
3374 * Run multiple times for some different relevant algorithms/modes.
3376 static int test_evp_iv_aes(int idx
)
3379 EVP_CIPHER_CTX
*ctx
= NULL
;
3380 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3381 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3382 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
3383 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3384 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3385 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3386 9, 10, 11, 12, 13, 14, 15, 16 };
3387 unsigned char ciphertext
[32], oiv
[16], iv
[16];
3388 unsigned char *ref_iv
;
3389 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3390 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3392 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3393 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3394 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3395 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3396 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3397 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3398 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3399 #ifndef OPENSSL_NO_OCB
3400 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3401 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3403 int len
= sizeof(ciphertext
);
3404 size_t ivlen
, ref_len
;
3405 const EVP_CIPHER
*type
= NULL
;
3408 if (nullprov
!= NULL
&& idx
< 6)
3409 return TEST_skip("Test does not support a non-default library context");
3413 type
= EVP_aes_128_cbc();
3416 type
= (type
!= NULL
) ? type
:
3417 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
3419 ref_len
= sizeof(cbc_state
);
3423 type
= EVP_aes_128_ofb();
3426 type
= (type
!= NULL
) ? type
:
3427 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
3429 ref_len
= sizeof(ofb_state
);
3433 type
= EVP_aes_128_cfb();
3436 type
= (type
!= NULL
) ? type
:
3437 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
3439 ref_len
= sizeof(cfb_state
);
3443 type
= EVP_aes_128_gcm();
3446 type
= (type
!= NULL
) ? type
:
3447 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
3449 ref_len
= sizeof(gcm_state
);
3452 type
= EVP_aes_128_ccm();
3455 type
= (type
!= NULL
) ? type
:
3456 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3458 ref_len
= sizeof(ccm_state
);
3460 #ifdef OPENSSL_NO_OCB
3466 type
= EVP_aes_128_ocb();
3469 type
= (type
!= NULL
) ? type
:
3470 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3472 ref_len
= sizeof(ocb_state
);
3480 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3481 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3482 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3484 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3485 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3486 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3488 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3489 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3490 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3493 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3494 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3495 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3498 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3501 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3507 EVP_CIPHER_CTX_free(ctx
);
3509 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3513 #ifndef OPENSSL_NO_DES
3514 static int test_evp_iv_des(int idx
)
3517 EVP_CIPHER_CTX
*ctx
= NULL
;
3518 static const unsigned char key
[24] = {
3519 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3520 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3521 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3523 static const unsigned char init_iv
[8] = {
3524 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3526 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3527 9, 10, 11, 12, 13, 14, 15, 16 };
3528 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3529 unsigned const char *ref_iv
;
3530 static const unsigned char cbc_state_des
[8] = {
3531 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3533 static const unsigned char cbc_state_3des
[8] = {
3534 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3536 static const unsigned char ofb_state_des
[8] = {
3537 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3539 static const unsigned char ofb_state_3des
[8] = {
3540 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3542 static const unsigned char cfb_state_des
[8] = {
3543 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3545 static const unsigned char cfb_state_3des
[8] = {
3546 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3548 int len
= sizeof(ciphertext
);
3549 size_t ivlen
, ref_len
;
3550 EVP_CIPHER
*type
= NULL
;
3552 if (lgcyprov
== NULL
&& idx
< 3)
3553 return TEST_skip("Test requires legacy provider to be loaded");
3557 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3558 ref_iv
= cbc_state_des
;
3559 ref_len
= sizeof(cbc_state_des
);
3562 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3563 ref_iv
= ofb_state_des
;
3564 ref_len
= sizeof(ofb_state_des
);
3567 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3568 ref_iv
= cfb_state_des
;
3569 ref_len
= sizeof(cfb_state_des
);
3572 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3573 ref_iv
= cbc_state_3des
;
3574 ref_len
= sizeof(cbc_state_3des
);
3577 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3578 ref_iv
= ofb_state_3des
;
3579 ref_len
= sizeof(ofb_state_3des
);
3582 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3583 ref_iv
= cfb_state_3des
;
3584 ref_len
= sizeof(cfb_state_3des
);
3591 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3592 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3593 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3595 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3596 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3597 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3599 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3600 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3601 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3604 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3605 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3607 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3612 EVP_CIPHER_CTX_free(ctx
);
3613 EVP_CIPHER_free(type
);
3618 #ifndef OPENSSL_NO_BF
3619 static int test_evp_bf_default_keylen(int idx
)
3622 static const char *algos
[4] = {
3623 "bf-ecb", "bf-cbc", "bf-cfb", "bf-ofb"
3625 int ivlen
[4] = { 0, 8, 8, 8 };
3626 EVP_CIPHER
*cipher
= NULL
;
3628 if (lgcyprov
== NULL
)
3629 return TEST_skip("Test requires legacy provider to be loaded");
3631 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, algos
[idx
], testpropq
))
3632 || !TEST_int_eq(EVP_CIPHER_get_key_length(cipher
), 16)
3633 || !TEST_int_eq(EVP_CIPHER_get_iv_length(cipher
), ivlen
[idx
]))
3638 EVP_CIPHER_free(cipher
);
3643 #ifndef OPENSSL_NO_EC
3644 static int ecpub_nids
[] = {
3645 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3646 NID_secp384r1
, NID_secp521r1
,
3647 # ifndef OPENSSL_NO_EC2M
3648 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3649 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3651 NID_brainpoolP384r1
, NID_brainpoolP512r1
3654 static int test_ecpub(int idx
)
3656 int ret
= 0, len
, savelen
;
3658 unsigned char buf
[1024];
3660 EVP_PKEY
*pkey
= NULL
;
3661 EVP_PKEY_CTX
*ctx
= NULL
;
3662 # ifndef OPENSSL_NO_DEPRECATED_3_0
3663 const unsigned char *q
;
3664 EVP_PKEY
*pkey2
= NULL
;
3668 if (nullprov
!= NULL
)
3669 return TEST_skip("Test does not support a non-default library context");
3671 nid
= ecpub_nids
[idx
];
3673 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3675 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3676 || !TEST_int_gt(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
), 0)
3677 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3679 len
= i2d_PublicKey(pkey
, NULL
);
3681 if (!TEST_int_ge(len
, 1)
3682 || !TEST_int_lt(len
, 1024))
3685 len
= i2d_PublicKey(pkey
, &p
);
3686 if (!TEST_int_ge(len
, 1)
3687 || !TEST_int_eq(len
, savelen
))
3690 # ifndef OPENSSL_NO_DEPRECATED_3_0
3691 /* Now try to decode the just-created DER. */
3693 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3694 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3695 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3697 /* EC_KEY ownership transferred */
3699 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3701 /* The keys should match. */
3702 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3709 EVP_PKEY_CTX_free(ctx
);
3710 EVP_PKEY_free(pkey
);
3711 # ifndef OPENSSL_NO_DEPRECATED_3_0
3712 EVP_PKEY_free(pkey2
);
3719 static int test_EVP_rsa_pss_with_keygen_bits(void)
3722 EVP_PKEY_CTX
*ctx
= NULL
;
3723 EVP_PKEY
*pkey
= NULL
;
3726 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3728 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA-PSS", testpropq
)))
3729 && TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3730 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3731 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
), 0)
3732 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3735 EVP_PKEY_free(pkey
);
3736 EVP_PKEY_CTX_free(ctx
);
3740 static int test_EVP_rsa_pss_set_saltlen(void)
3743 EVP_PKEY
*pkey
= NULL
;
3744 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
3745 EVP_MD
*sha256
= NULL
;
3746 EVP_MD_CTX
*sha256_ctx
= NULL
;
3747 int saltlen
= 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3748 const int test_value
= 32;
3750 ret
= TEST_ptr(pkey
= load_example_rsa_key())
3751 && TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", NULL
))
3752 && TEST_ptr(sha256_ctx
= EVP_MD_CTX_new())
3753 && TEST_true(EVP_DigestSignInit(sha256_ctx
, &pkey_ctx
, sha256
, NULL
, pkey
))
3754 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx
, RSA_PKCS1_PSS_PADDING
))
3755 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx
, test_value
), 0)
3756 && TEST_int_gt(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx
, &saltlen
), 0)
3757 && TEST_int_eq(saltlen
, test_value
);
3759 EVP_MD_CTX_free(sha256_ctx
);
3760 EVP_PKEY_free(pkey
);
3761 EVP_MD_free(sha256
);
3766 static int success
= 1;
3767 static void md_names(const char *name
, void *vctx
)
3769 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3770 /* Force a namemap update */
3771 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3773 if (!TEST_ptr(aes128
))
3776 EVP_CIPHER_free(aes128
);
3780 * Test that changing the namemap in a user callback works in a names_do_all
3783 static int test_names_do_all(void)
3785 /* We use a custom libctx so that we know the state of the namemap */
3786 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3787 EVP_MD
*sha256
= NULL
;
3793 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3794 if (!TEST_ptr(sha256
))
3798 * We loop through all the names for a given digest. This should still work
3799 * even if the namemap changes part way through.
3801 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3804 if (!TEST_true(success
))
3809 EVP_MD_free(sha256
);
3810 OSSL_LIB_CTX_free(ctx
);
3816 const unsigned char *key
;
3817 const unsigned char *iv
;
3818 const unsigned char *input
;
3819 const unsigned char *expected
;
3820 const unsigned char *tag
;
3821 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3830 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3832 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3833 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3837 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3838 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3839 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3840 sizeof(gcmDefaultTag
), 1, 0, 1
3843 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3844 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3848 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3849 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3850 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3851 sizeof(gcmDefaultTag
), 0, 0, 1
3854 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3855 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3859 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3860 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3861 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3862 sizeof(gcmDefaultTag
), 1, 1, 0
3865 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3866 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3870 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3871 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3872 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3873 sizeof(gcmDefaultTag
), 0, 1, 0
3877 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3881 if (t
->ivlen
!= 0) {
3882 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
), 0))
3885 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3893 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3894 * arguments are given one at a time and a final adjustment to the enc
3895 * parameter sets the correct operation.
3897 static int test_evp_init_seq(int idx
)
3899 int outlen1
, outlen2
;
3901 unsigned char outbuf
[1024];
3902 unsigned char tag
[16];
3903 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3904 EVP_CIPHER_CTX
*ctx
= NULL
;
3905 EVP_CIPHER
*type
= NULL
;
3906 size_t taglen
= sizeof(tag
);
3907 char *errmsg
= NULL
;
3909 ctx
= EVP_CIPHER_CTX_new();
3911 errmsg
= "CTX_ALLOC";
3914 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3915 errmsg
= "CIPHER_FETCH";
3918 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3919 errmsg
= "EMPTY_ENC_INIT";
3922 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3926 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3927 errmsg
= "KEY_INIT (before iv)";
3930 if (!evp_init_seq_set_iv(ctx
, t
)) {
3934 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3935 errmsg
= "KEY_INIT (after iv)";
3938 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3939 errmsg
= "FINAL_ENC_INIT";
3942 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3943 errmsg
= "CIPHER_UPDATE";
3946 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3947 /* Set expected tag */
3948 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3949 t
->taglen
, (void *)t
->tag
), 0)) {
3954 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3955 errmsg
= "CIPHER_FINAL";
3958 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3959 errmsg
= "WRONG_RESULT";
3962 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3963 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
3967 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3968 errmsg
= "TAG_ERROR";
3975 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3976 EVP_CIPHER_CTX_free(ctx
);
3977 EVP_CIPHER_free(type
);
3982 const unsigned char *input
;
3983 const unsigned char *expected
;
3987 } EVP_RESET_TEST_st
;
3989 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3991 cfbPlaintext
, cfbCiphertext
,
3992 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3995 cfbCiphertext
, cfbPlaintext
,
3996 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
4001 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
4004 static int test_evp_reset(int idx
)
4006 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
4007 int outlen1
, outlen2
;
4009 unsigned char outbuf
[1024];
4010 EVP_CIPHER_CTX
*ctx
= NULL
;
4011 EVP_CIPHER
*type
= NULL
;
4012 char *errmsg
= NULL
;
4014 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
4015 errmsg
= "CTX_ALLOC";
4018 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
4019 errmsg
= "CIPHER_FETCH";
4022 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
4023 errmsg
= "CIPHER_INIT";
4026 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
4030 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
4031 errmsg
= "CIPHER_UPDATE";
4034 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4035 errmsg
= "CIPHER_FINAL";
4038 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
4039 errmsg
= "WRONG_RESULT";
4042 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
4043 errmsg
= "CIPHER_REINIT";
4046 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
4047 errmsg
= "CIPHER_UPDATE (reinit)";
4050 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4051 errmsg
= "CIPHER_FINAL (reinit)";
4054 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
4055 errmsg
= "WRONG_RESULT (reinit)";
4061 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
4062 EVP_CIPHER_CTX_free(ctx
);
4063 EVP_CIPHER_free(type
);
4070 } EVP_UPDATED_IV_TEST_st
;
4072 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
4112 * Test that the IV in the context is updated during a crypto operation for CFB
4115 static int test_evp_updated_iv(int idx
)
4117 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
4118 int outlen1
, outlen2
;
4120 unsigned char outbuf
[1024];
4121 EVP_CIPHER_CTX
*ctx
= NULL
;
4122 EVP_CIPHER
*type
= NULL
;
4123 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
4125 char *errmsg
= NULL
;
4127 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
4128 errmsg
= "CTX_ALLOC";
4131 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
4132 TEST_info("cipher %s not supported, skipping", t
->cipher
);
4136 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
4137 errmsg
= "CIPHER_INIT";
4140 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
4144 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
4145 errmsg
= "CIPHER_UPDATE";
4148 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
4149 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
4152 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
4153 errmsg
= "CIPHER_CTX_GET_IV_LEN";
4156 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
4157 errmsg
= "IV_NOT_UPDATED";
4160 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4161 errmsg
= "CIPHER_FINAL";
4168 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
4169 EVP_CIPHER_CTX_free(ctx
);
4170 EVP_CIPHER_free(type
);
4175 const unsigned char *iv1
;
4176 const unsigned char *iv2
;
4177 const unsigned char *expected1
;
4178 const unsigned char *expected2
;
4179 const unsigned char *tag1
;
4180 const unsigned char *tag2
;
4183 size_t expectedlen1
;
4184 size_t expectedlen2
;
4185 } TEST_GCM_IV_REINIT_st
;
4187 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
4189 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
4190 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
4191 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
4194 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
4195 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
4196 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
4200 static int test_gcm_reinit(int idx
)
4202 int outlen1
, outlen2
, outlen3
;
4204 unsigned char outbuf
[1024];
4205 unsigned char tag
[16];
4206 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
4207 EVP_CIPHER_CTX
*ctx
= NULL
;
4208 EVP_CIPHER
*type
= NULL
;
4209 size_t taglen
= sizeof(tag
);
4210 char *errmsg
= NULL
;
4212 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
4213 errmsg
= "CTX_ALLOC";
4216 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
4217 errmsg
= "CIPHER_FETCH";
4220 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
4221 errmsg
= "ENC_INIT";
4224 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
), 0)) {
4225 errmsg
= "SET_IVLEN1";
4228 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
4232 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
4236 EVP_CIPHER_CTX_set_padding(ctx
, 0);
4237 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
4238 sizeof(gcmResetPlaintext
)))) {
4239 errmsg
= "CIPHER_UPDATE1";
4242 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4243 errmsg
= "CIPHER_FINAL1";
4246 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
4247 errmsg
= "WRONG_RESULT1";
4250 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
4251 errmsg
= "GET_TAG1";
4254 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
4255 errmsg
= "TAG_ERROR1";
4259 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
), 0)) {
4260 errmsg
= "SET_IVLEN2";
4263 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
4267 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
4271 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
4272 sizeof(gcmResetPlaintext
)))) {
4273 errmsg
= "CIPHER_UPDATE2";
4276 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
4277 errmsg
= "CIPHER_FINAL2";
4280 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
4281 errmsg
= "WRONG_RESULT2";
4284 if (!TEST_int_gt(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
), 0)) {
4285 errmsg
= "GET_TAG2";
4288 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
4289 errmsg
= "TAG_ERROR2";
4295 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
4296 EVP_CIPHER_CTX_free(ctx
);
4297 EVP_CIPHER_free(type
);
4301 #ifndef OPENSSL_NO_DEPRECATED_3_0
4302 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
4303 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
4305 # define EVP_PKEY_CTRL_MY_COMMAND 9999
4307 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
4309 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
4311 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
4315 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
4317 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
4319 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
4323 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
4324 size_t *outlen
, const unsigned char *in
,
4327 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
4328 const unsigned char *tbs
, size_t tbslen
);
4330 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
4331 return psign(ctx
, out
, outlen
, in
, inlen
);
4334 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
4335 size_t *siglen
, const unsigned char *tbs
,
4338 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
4339 const unsigned char *tbs
, size_t tbslen
);
4341 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
4342 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
4345 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
4348 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
4350 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
4351 return pderive(ctx
, key
, keylen
);
4354 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
4356 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
4358 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
4359 return pcopy(dst
, src
);
4362 static int ctrl_called
;
4364 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
4366 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
4368 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
4370 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
4375 return pctrl(ctx
, type
, p1
, p2
);
4378 static int test_custom_pmeth(int idx
)
4380 EVP_PKEY_CTX
*pctx
= NULL
;
4381 EVP_MD_CTX
*ctx
= NULL
;
4382 EVP_PKEY
*pkey
= NULL
;
4383 int id
, orig_id
, orig_flags
;
4386 unsigned char *res
= NULL
;
4387 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
4388 const EVP_MD
*md
= EVP_sha256();
4393 /* We call deprecated APIs so this test doesn't support a custom libctx */
4394 if (testctx
!= NULL
)
4401 pkey
= load_example_rsa_key();
4405 # ifndef OPENSSL_NO_DSA
4407 pkey
= load_example_dsa_key();
4414 # ifndef OPENSSL_NO_EC
4416 pkey
= load_example_ec_key();
4423 # ifndef OPENSSL_NO_ECX
4424 id
= EVP_PKEY_ED25519
;
4426 pkey
= load_example_ed25519_key();
4433 # ifndef OPENSSL_NO_DH
4436 pkey
= load_example_dh_key();
4443 # ifndef OPENSSL_NO_ECX
4444 id
= EVP_PKEY_X25519
;
4446 pkey
= load_example_x25519_key();
4452 TEST_error("Should not happen");
4456 if (!TEST_ptr(pkey
))
4460 if (!TEST_true(evp_pkey_is_provided(pkey
)))
4463 EVP_PKEY
*tmp
= pkey
;
4465 /* Convert to a legacy key */
4466 pkey
= EVP_PKEY_new();
4467 if (!TEST_ptr(pkey
)) {
4471 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
4476 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
4480 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
4484 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
4485 if (!TEST_int_eq(orig_id
, id
)
4486 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
4489 if (id
== EVP_PKEY_ED25519
) {
4490 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
4491 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
4492 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
4494 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
4496 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
4497 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
4498 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
4499 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
4501 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
4502 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
4506 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
4508 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4509 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4510 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4512 || !TEST_int_eq(ctrl_called
, 1)
4513 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4514 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4515 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4516 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4519 ctx
= EVP_MD_CTX_new();
4520 reslen
= EVP_PKEY_size(pkey
);
4521 res
= OPENSSL_malloc(reslen
);
4524 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4525 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4526 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4528 || !TEST_int_eq(ctrl_called
, 1))
4531 if (id
== EVP_PKEY_ED25519
) {
4532 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4535 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4536 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4544 EVP_MD_CTX_free(ctx
);
4546 EVP_PKEY_CTX_free(pctx
);
4547 EVP_PKEY_free(pkey
);
4548 EVP_PKEY_meth_remove(custom_pmeth
);
4549 EVP_PKEY_meth_free(custom_pmeth
);
4550 custom_pmeth
= NULL
;
4554 static int test_evp_md_cipher_meth(void)
4556 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4557 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4560 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4566 EVP_MD_meth_free(md
);
4567 EVP_CIPHER_meth_free(ciph
);
4576 static int custom_md_init_called
= 0;
4577 static int custom_md_cleanup_called
= 0;
4579 static int custom_md_init(EVP_MD_CTX
*ctx
)
4581 custom_dgst_ctx
*p
= EVP_MD_CTX_md_data(ctx
);
4586 custom_md_init_called
++;
4590 static int custom_md_cleanup(EVP_MD_CTX
*ctx
)
4592 custom_dgst_ctx
*p
= EVP_MD_CTX_md_data(ctx
);
4598 custom_md_cleanup_called
++;
4602 static int test_custom_md_meth(void)
4604 EVP_MD_CTX
*mdctx
= NULL
;
4606 char mess
[] = "Test Message\n";
4607 unsigned char md_value
[EVP_MAX_MD_SIZE
];
4608 unsigned int md_len
;
4613 * We are testing deprecated functions. We don't support a non-default
4614 * library context in this test.
4616 if (testctx
!= NULL
)
4617 return TEST_skip("Non-default libctx");
4619 custom_md_init_called
= custom_md_cleanup_called
= 0;
4621 nid
= OBJ_create("1.3.6.1.4.1.16604.998866.1", "custom-md", "custom-md");
4622 if (!TEST_int_ne(nid
, NID_undef
))
4624 tmp
= EVP_MD_meth_new(nid
, NID_undef
);
4628 if (!TEST_true(EVP_MD_meth_set_init(tmp
, custom_md_init
))
4629 || !TEST_true(EVP_MD_meth_set_cleanup(tmp
, custom_md_cleanup
))
4630 || !TEST_true(EVP_MD_meth_set_app_datasize(tmp
,
4631 sizeof(custom_dgst_ctx
))))
4634 mdctx
= EVP_MD_CTX_new();
4635 if (!TEST_ptr(mdctx
)
4637 * Initing our custom md and then initing another md should
4638 * result in the init and cleanup functions of the custom md
4641 || !TEST_true(EVP_DigestInit_ex(mdctx
, tmp
, NULL
))
4642 || !TEST_true(EVP_DigestInit_ex(mdctx
, EVP_sha256(), NULL
))
4643 || !TEST_true(EVP_DigestUpdate(mdctx
, mess
, strlen(mess
)))
4644 || !TEST_true(EVP_DigestFinal_ex(mdctx
, md_value
, &md_len
))
4645 || !TEST_int_eq(custom_md_init_called
, 1)
4646 || !TEST_int_eq(custom_md_cleanup_called
, 1))
4651 EVP_MD_CTX_free(mdctx
);
4652 EVP_MD_meth_free(tmp
);
4660 static int custom_ciph_init_called
= 0;
4661 static int custom_ciph_cleanup_called
= 0;
4663 static int custom_ciph_init(EVP_CIPHER_CTX
*ctx
, const unsigned char *key
,
4664 const unsigned char *iv
, int enc
)
4666 custom_ciph_ctx
*p
= EVP_CIPHER_CTX_get_cipher_data(ctx
);
4671 custom_ciph_init_called
++;
4675 static int custom_ciph_cleanup(EVP_CIPHER_CTX
*ctx
)
4677 custom_ciph_ctx
*p
= EVP_CIPHER_CTX_get_cipher_data(ctx
);
4683 custom_ciph_cleanup_called
++;
4687 static int test_custom_ciph_meth(void)
4689 EVP_CIPHER_CTX
*ciphctx
= NULL
;
4690 EVP_CIPHER
*tmp
= NULL
;
4695 * We are testing deprecated functions. We don't support a non-default
4696 * library context in this test.
4698 if (testctx
!= NULL
)
4699 return TEST_skip("Non-default libctx");
4701 custom_ciph_init_called
= custom_ciph_cleanup_called
= 0;
4703 nid
= OBJ_create("1.3.6.1.4.1.16604.998866.2", "custom-ciph", "custom-ciph");
4704 if (!TEST_int_ne(nid
, NID_undef
))
4706 tmp
= EVP_CIPHER_meth_new(nid
, 16, 16);
4710 if (!TEST_true(EVP_CIPHER_meth_set_init(tmp
, custom_ciph_init
))
4711 || !TEST_true(EVP_CIPHER_meth_set_flags(tmp
, EVP_CIPH_ALWAYS_CALL_INIT
))
4712 || !TEST_true(EVP_CIPHER_meth_set_cleanup(tmp
, custom_ciph_cleanup
))
4713 || !TEST_true(EVP_CIPHER_meth_set_impl_ctx_size(tmp
,
4714 sizeof(custom_ciph_ctx
))))
4717 ciphctx
= EVP_CIPHER_CTX_new();
4718 if (!TEST_ptr(ciphctx
)
4720 * Initing our custom cipher and then initing another cipher
4721 * should result in the init and cleanup functions of the custom
4722 * cipher being called.
4724 || !TEST_true(EVP_CipherInit_ex(ciphctx
, tmp
, NULL
, NULL
, NULL
, 1))
4725 || !TEST_true(EVP_CipherInit_ex(ciphctx
, EVP_aes_128_cbc(), NULL
,
4727 || !TEST_int_eq(custom_ciph_init_called
, 1)
4728 || !TEST_int_eq(custom_ciph_cleanup_called
, 1))
4733 EVP_CIPHER_CTX_free(ciphctx
);
4734 EVP_CIPHER_meth_free(tmp
);
4738 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4739 /* Test we can create a signature keys with an associated ENGINE */
4740 static int test_signatures_with_engine(int tst
)
4743 const char *engine_id
= "dasync";
4744 EVP_PKEY
*pkey
= NULL
;
4745 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4746 const unsigned char cmackey
[] = {
4747 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4748 0x0c, 0x0d, 0x0e, 0x0f
4750 const unsigned char ed25519key
[] = {
4751 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4752 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4753 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4755 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4757 EVP_MD_CTX
*ctx
= NULL
;
4758 unsigned char *mac
= NULL
;
4762 # ifdef OPENSSL_NO_CMAC
4763 /* Skip CMAC tests in a no-cmac build */
4767 # ifdef OPENSSL_NO_ECX
4768 /* Skip ECX tests in a no-ecx build */
4773 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4776 if (!TEST_true(ENGINE_init(e
))) {
4783 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4787 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4791 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4792 sizeof(ed25519key
));
4795 TEST_error("Invalid test case");
4798 if (!TEST_ptr(pkey
))
4801 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4804 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4807 if (!TEST_true(ret
))
4810 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4811 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4814 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4817 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4820 /* We used a bad key. We expect a failure here */
4821 if (!TEST_false(ret
))
4827 EVP_MD_CTX_free(ctx
);
4829 EVP_PKEY_free(pkey
);
4836 static int test_cipher_with_engine(void)
4839 const char *engine_id
= "dasync";
4840 const unsigned char keyiv
[] = {
4841 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4842 0x0c, 0x0d, 0x0e, 0x0f
4844 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4846 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4847 unsigned char buf
[AES_BLOCK_SIZE
];
4850 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4853 if (!TEST_true(ENGINE_init(e
))) {
4858 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4859 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4862 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4865 /* Copy the ctx, and complete the operation with the new ctx */
4866 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4869 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4870 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4875 EVP_CIPHER_CTX_free(ctx
);
4876 EVP_CIPHER_CTX_free(ctx2
);
4882 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4883 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4885 #ifndef OPENSSL_NO_ECX
4886 static int ecxnids
[] = {
4893 /* Test that creating ECX keys with a short private key fails as expected */
4894 static int test_ecx_short_keys(int tst
)
4896 unsigned char ecxkeydata
= 1;
4900 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, OBJ_nid2sn(ecxnids
[tst
]),
4901 NULL
, &ecxkeydata
, 1);
4902 if (!TEST_ptr_null(pkey
)) {
4903 EVP_PKEY_free(pkey
);
4911 typedef enum OPTION_choice
{
4918 const OPTIONS
*test_get_options(void)
4920 static const OPTIONS options
[] = {
4921 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4922 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4928 #ifndef OPENSSL_NO_ECX
4929 /* Test that trying to sign with a public key errors out gracefully */
4930 static int test_ecx_not_private_key(int tst
)
4932 EVP_PKEY
*pkey
= NULL
;
4934 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4936 EVP_MD_CTX
*ctx
= NULL
;
4937 unsigned char *mac
= NULL
;
4939 unsigned char *pubkey
;
4942 switch (keys
[tst
].type
) {
4945 return TEST_skip("signing not supported for X25519/X448");
4948 /* Check if this algorithm supports public keys */
4949 if (keys
[tst
].pub
== NULL
)
4950 return TEST_skip("no public key present");
4952 pubkey
= (unsigned char *)keys
[tst
].pub
;
4953 pubkeylen
= strlen(keys
[tst
].pub
);
4955 pkey
= EVP_PKEY_new_raw_public_key_ex(testctx
, OBJ_nid2sn(keys
[tst
].type
),
4956 NULL
, pubkey
, pubkeylen
);
4957 if (!TEST_ptr(pkey
))
4960 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4963 if (EVP_DigestSignInit(ctx
, NULL
, NULL
, NULL
, pkey
) != 1)
4966 if (EVP_DigestSign(ctx
, NULL
, &maclen
, msg
, sizeof(msg
)) != 1)
4969 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4972 if (!TEST_int_eq(EVP_DigestSign(ctx
, mac
, &maclen
, msg
, sizeof(msg
)), 0))
4977 * Currently only EVP_DigestSign will throw PROV_R_NOT_A_PRIVATE_KEY,
4978 * but we relax the check to allow error also thrown by
4979 * EVP_DigestSignInit and EVP_DigestSign.
4981 if (ERR_GET_REASON(ERR_peek_error()) == PROV_R_NOT_A_PRIVATE_KEY
) {
4987 EVP_MD_CTX_free(ctx
);
4989 EVP_PKEY_free(pkey
);
4993 #endif /* OPENSSL_NO_ECX */
4995 static int test_sign_continuation(void)
4997 OSSL_PROVIDER
*fake_rsa
= NULL
;
4999 EVP_PKEY
*pkey
= NULL
;
5000 EVP_PKEY_CTX
*pctx
= NULL
;
5001 EVP_MD_CTX
*mctx
= NULL
;
5002 const char sigbuf
[] = "To Be Signed";
5003 unsigned char signature
[256];
5004 size_t siglen
= 256;
5005 static int nodupnum
= 1;
5006 static const OSSL_PARAM nodup_params
[] = {
5007 OSSL_PARAM_int("NO_DUP", &nodupnum
),
5011 if (!TEST_ptr(fake_rsa
= fake_rsa_start(testctx
)))
5014 /* Construct a pkey using precise propq to use our provider */
5015 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA",
5016 "provider=fake-rsa"))
5017 || !TEST_true(EVP_PKEY_fromdata_init(pctx
))
5018 || !TEST_true(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
, NULL
))
5022 /* First test it continues (classic behavior) */
5023 if (!TEST_ptr(mctx
= EVP_MD_CTX_new())
5024 || !TEST_true(EVP_DigestSignInit_ex(mctx
, NULL
, NULL
, testctx
,
5026 || !TEST_true(EVP_DigestSignUpdate(mctx
, sigbuf
, sizeof(sigbuf
)))
5027 || !TEST_true(EVP_DigestSignFinal(mctx
, signature
, &siglen
))
5028 || !TEST_true(EVP_DigestSignUpdate(mctx
, sigbuf
, sizeof(sigbuf
)))
5029 || !TEST_true(EVP_DigestSignFinal(mctx
, signature
, &siglen
)))
5032 EVP_MD_CTX_free(mctx
);
5034 /* try again but failing the continuation */
5035 if (!TEST_ptr(mctx
= EVP_MD_CTX_new())
5036 || !TEST_true(EVP_DigestSignInit_ex(mctx
, NULL
, NULL
, testctx
,
5037 NULL
, pkey
, nodup_params
))
5038 || !TEST_true(EVP_DigestSignUpdate(mctx
, sigbuf
, sizeof(sigbuf
)))
5039 || !TEST_true(EVP_DigestSignFinal(mctx
, signature
, &siglen
))
5040 || !TEST_false(EVP_DigestSignUpdate(mctx
, sigbuf
, sizeof(sigbuf
)))
5041 || !TEST_false(EVP_DigestSignFinal(mctx
, signature
, &siglen
)))
5047 EVP_MD_CTX_free(mctx
);
5048 EVP_PKEY_free(pkey
);
5049 EVP_PKEY_CTX_free(pctx
);
5050 fake_rsa_finish(fake_rsa
);
5054 int setup_tests(void)
5058 while ((o
= opt_next()) != OPT_EOF
) {
5061 /* Set up an alternate library context */
5062 testctx
= OSSL_LIB_CTX_new();
5063 if (!TEST_ptr(testctx
))
5065 /* Swap the libctx to test non-default context only */
5066 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
5067 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
5068 #ifndef OPENSSL_SYS_TANDEM
5069 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
5072 case OPT_TEST_CASES
:
5079 ADD_TEST(test_EVP_set_default_properties
);
5080 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
5081 ADD_TEST(test_EVP_DigestVerifyInit
);
5082 #ifndef OPENSSL_NO_SIPHASH
5083 ADD_TEST(test_siphash_digestsign
);
5085 ADD_TEST(test_EVP_Digest
);
5086 ADD_TEST(test_EVP_md_null
);
5087 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
5088 #ifndef OPENSSL_NO_DEPRECATED_3_0
5089 ADD_ALL_TESTS(test_EVP_PKEY_sign_with_app_method
, 2);
5091 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
5092 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
5093 ADD_TEST(test_privatekey_to_pkcs8
);
5094 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
5095 #ifndef OPENSSL_NO_EC
5096 ADD_TEST(test_EVP_PKCS82PKEY
);
5098 #ifndef OPENSSL_NO_EC
5099 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
5101 #if !defined(OPENSSL_NO_SM2)
5102 ADD_TEST(test_EVP_SM2
);
5103 ADD_TEST(test_EVP_SM2_verify
);
5105 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
5106 #ifndef OPENSSL_NO_DEPRECATED_3_0
5107 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
5108 if (!TEST_ptr(custom_pmeth
))
5110 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
5111 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
5112 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
5113 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
5116 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
5117 #ifndef OPENSSL_NO_CMAC
5118 ADD_TEST(test_CMAC_keygen
);
5120 ADD_TEST(test_HKDF
);
5121 ADD_TEST(test_emptyikm_HKDF
);
5122 #ifndef OPENSSL_NO_EC
5123 ADD_TEST(test_X509_PUBKEY_inplace
);
5124 ADD_TEST(test_X509_PUBKEY_dup
);
5125 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
5126 OSSL_NELEM(ec_der_pub_keys
));
5128 #ifndef OPENSSL_NO_DSA
5129 ADD_TEST(test_DSA_get_set_params
);
5130 ADD_TEST(test_DSA_priv_pub
);
5132 ADD_TEST(test_RSA_get_set_params
);
5133 ADD_TEST(test_RSA_OAEP_set_get_params
);
5134 ADD_TEST(test_RSA_OAEP_set_null_label
);
5135 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
5136 ADD_TEST(test_decrypt_null_chunks
);
5138 #ifndef OPENSSL_NO_DH
5139 ADD_TEST(test_DH_priv_pub
);
5140 # ifndef OPENSSL_NO_DEPRECATED_3_0
5141 ADD_TEST(test_EVP_PKEY_set1_DH
);
5144 #ifndef OPENSSL_NO_EC
5145 ADD_TEST(test_EC_priv_pub
);
5146 ADD_TEST(test_evp_get_ec_pub
);
5147 # ifndef OPENSSL_NO_DEPRECATED_3_0
5148 ADD_TEST(test_EC_priv_only_legacy
);
5149 ADD_TEST(test_evp_get_ec_pub_legacy
);
5152 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
5153 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
5155 ADD_TEST(test_rand_agglomeration
);
5156 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
5157 #ifndef OPENSSL_NO_DES
5158 ADD_ALL_TESTS(test_evp_iv_des
, 6);
5160 #ifndef OPENSSL_NO_BF
5161 ADD_ALL_TESTS(test_evp_bf_default_keylen
, 4);
5163 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
5164 ADD_TEST(test_EVP_rsa_pss_set_saltlen
);
5165 #ifndef OPENSSL_NO_EC
5166 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
5169 ADD_TEST(test_names_do_all
);
5171 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
5172 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
5173 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
5174 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
5176 #ifndef OPENSSL_NO_DEPRECATED_3_0
5177 ADD_ALL_TESTS(test_custom_pmeth
, 12);
5178 ADD_TEST(test_evp_md_cipher_meth
);
5179 ADD_TEST(test_custom_md_meth
);
5180 ADD_TEST(test_custom_ciph_meth
);
5182 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
5183 /* Tests only support the default libctx */
5184 if (testctx
== NULL
) {
5185 # ifndef OPENSSL_NO_EC
5186 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
5188 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
5190 ADD_TEST(test_cipher_with_engine
);
5195 #ifndef OPENSSL_NO_ECX
5196 ADD_ALL_TESTS(test_ecx_short_keys
, OSSL_NELEM(ecxnids
));
5197 ADD_ALL_TESTS(test_ecx_not_private_key
, OSSL_NELEM(keys
));
5200 ADD_TEST(test_sign_continuation
);
5205 void cleanup_tests(void)
5207 OSSL_PROVIDER_unload(nullprov
);
5208 OSSL_PROVIDER_unload(deflprov
);
5209 #ifndef OPENSSL_SYS_TANDEM
5210 OSSL_PROVIDER_unload(lgcyprov
);
5212 OSSL_LIB_CTX_free(testctx
);