2 * Copyright 2015-2021 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/x509.h>
22 #include <openssl/pem.h>
23 #include <openssl/kdf.h>
24 #include <openssl/provider.h>
25 #include <openssl/core_names.h>
26 #include <openssl/params.h>
27 #include <openssl/param_build.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
30 #include <openssl/aes.h>
31 #include <openssl/decoder.h>
32 #include <openssl/rsa.h>
33 #include <openssl/engine.h>
35 #include "internal/nelem.h"
36 #include "internal/sizes.h"
37 #include "crypto/evp.h"
38 #include "../e_os.h" /* strcasecmp */
40 static OSSL_LIB_CTX
*testctx
= NULL
;
41 static char *testpropq
= NULL
;
43 static OSSL_PROVIDER
*nullprov
= NULL
;
44 static OSSL_PROVIDER
*deflprov
= NULL
;
45 static OSSL_PROVIDER
*lgcyprov
= NULL
;
48 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
49 * should never use this key anywhere but in an example.
51 static const unsigned char kExampleRSAKeyDER
[] = {
52 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
53 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
54 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
55 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
56 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
57 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
58 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
59 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
60 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
61 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
62 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
63 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
64 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
65 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
66 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
67 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
68 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
69 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
70 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
71 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
72 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
73 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
74 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
75 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
76 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
77 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
78 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
79 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
80 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
81 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
82 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
83 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
84 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
85 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
86 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
87 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
88 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
89 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
90 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
91 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
92 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
93 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
94 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
95 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
96 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
97 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
98 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
99 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
100 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
101 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
102 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
106 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
107 * should never use this key anywhere but in an example.
109 #ifndef OPENSSL_NO_DSA
110 static const unsigned char kExampleDSAKeyDER
[] = {
111 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
112 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
113 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
114 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
115 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
116 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
117 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
118 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
119 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
120 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
121 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
122 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
123 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
124 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
125 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
126 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
127 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
128 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
129 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
130 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
131 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
132 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
133 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
134 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
135 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
136 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
137 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
138 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
139 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
140 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
141 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
142 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
143 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
144 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
145 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
146 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
147 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
153 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
154 * components are not correct.
156 static const unsigned char kExampleBadRSAKeyDER
[] = {
157 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
158 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
159 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
160 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
161 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
162 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
163 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
164 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
165 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
166 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
167 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
168 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
169 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
170 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
171 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
172 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
173 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
174 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
175 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
176 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
177 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
178 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
179 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
180 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
181 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
182 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
183 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
184 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
185 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
186 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
187 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
188 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
189 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
190 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
191 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
192 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
193 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
194 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
195 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
196 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
197 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
198 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
199 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
200 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
201 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
202 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
203 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
204 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
205 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
206 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
207 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
208 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
209 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
210 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
211 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
212 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
213 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
214 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
215 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
216 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
217 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
218 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
219 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
220 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
221 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
222 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
223 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
224 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
225 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
226 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
227 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
228 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
229 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
230 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
231 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
232 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
233 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
234 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
235 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
236 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
237 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
238 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
239 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
240 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
241 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
242 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
243 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
244 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
245 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
248 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
250 static const unsigned char kSignature
[] = {
251 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
252 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
253 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
254 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
255 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
256 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
257 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
258 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
259 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
260 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
261 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
265 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
268 static const unsigned char kExampleRSAKeyPKCS8
[] = {
269 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
270 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
271 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
272 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
273 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
274 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
275 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
276 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
277 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
278 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
279 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
280 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
281 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
282 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
283 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
284 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
285 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
286 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
287 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
288 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
289 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
290 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
291 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
292 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
293 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
294 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
295 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
296 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
297 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
298 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
299 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
300 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
301 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
302 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
303 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
304 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
305 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
306 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
307 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
308 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
309 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
310 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
311 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
312 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
313 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
314 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
315 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
316 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
317 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
318 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
319 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
320 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
321 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
324 #ifndef OPENSSL_NO_EC
326 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
329 static const unsigned char kExampleECKeyDER
[] = {
330 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
331 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
332 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
333 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
334 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
335 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
336 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
337 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
338 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
339 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
344 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
345 * structure. The private key is equal to the order and will fail to import
347 static const unsigned char kExampleBadECKeyDER
[] = {
348 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
349 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
350 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
351 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
352 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
353 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
354 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
355 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
356 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
360 static const unsigned char kExampleECPubKeyDER
[] = {
361 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
362 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
363 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
364 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
365 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
366 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
367 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
368 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
372 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
373 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
375 static const unsigned char kExampleBadECPubKeyDER
[] = {
376 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
377 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
378 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
379 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
380 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
381 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
382 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
383 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
386 static const unsigned char pExampleECParamDER
[] = {
387 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
390 static const unsigned char kExampleED25519KeyDER
[] = {
391 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70,
392 0x04, 0x22, 0x04, 0x20, 0xba, 0x7b, 0xba, 0x20, 0x1b, 0x02, 0x75, 0x3a,
393 0xe8, 0x88, 0xfe, 0x00, 0xcd, 0x8b, 0xc6, 0xf4, 0x5c, 0x47, 0x09, 0x46,
394 0x66, 0xe4, 0x72, 0x85, 0x25, 0x26, 0x5e, 0x12, 0x33, 0x48, 0xf6, 0x50
397 static const unsigned char kExampleED25519PubKeyDER
[] = {
398 0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x70, 0x03, 0x21, 0x00,
399 0xf5, 0xc5, 0xeb, 0x52, 0x3e, 0x7d, 0x07, 0x86, 0xb2, 0x55, 0x07, 0x45,
400 0xef, 0x5b, 0x7c, 0x20, 0xe8, 0x66, 0x28, 0x30, 0x3c, 0x8a, 0x82, 0x40,
401 0x97, 0xa3, 0x08, 0xdc, 0x65, 0x80, 0x39, 0x29
404 # ifndef OPENSSL_NO_DEPRECATED_3_0
405 static const unsigned char kExampleX25519KeyDER
[] = {
406 0x30, 0x2e, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, 0x6e,
407 0x04, 0x22, 0x04, 0x20, 0xa0, 0x24, 0x3a, 0x31, 0x24, 0xc3, 0x3f, 0xf6,
408 0x7b, 0x96, 0x0b, 0xd4, 0x8f, 0xd1, 0xee, 0x67, 0xf2, 0x9b, 0x88, 0xac,
409 0x50, 0xce, 0x97, 0x36, 0xdd, 0xaf, 0x25, 0xf6, 0x10, 0x34, 0x96, 0x6e
414 /* kExampleDHKeyDER is a DH private key in ASN.1, DER format. */
415 #ifndef OPENSSL_NO_DEPRECATED_3_0
416 # ifndef OPENSSL_NO_DH
417 static const unsigned char kExampleDHKeyDER
[] = {
418 0x30, 0x82, 0x01, 0x21, 0x02, 0x01, 0x00, 0x30, 0x81, 0x95, 0x06, 0x09,
419 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x03, 0x01, 0x30, 0x81, 0x87,
420 0x02, 0x81, 0x81, 0x00, 0xf7, 0x52, 0xc2, 0x68, 0xcc, 0x66, 0xc4, 0x8d,
421 0x03, 0x3f, 0xfa, 0x9c, 0x52, 0xd0, 0xd8, 0x33, 0xf2, 0xe1, 0xc9, 0x9e,
422 0xb7, 0xe7, 0x6e, 0x90, 0x97, 0xeb, 0x92, 0x91, 0x6a, 0x9a, 0x85, 0x63,
423 0x92, 0x79, 0xab, 0xb6, 0x3d, 0x23, 0x58, 0x5a, 0xe8, 0x45, 0x06, 0x81,
424 0x97, 0x77, 0xe1, 0xcc, 0x34, 0x4e, 0xae, 0x36, 0x80, 0xf2, 0xc4, 0x7f,
425 0x8a, 0x52, 0xb8, 0xdb, 0x58, 0xc8, 0x4b, 0x12, 0x4c, 0xf1, 0x4c, 0x53,
426 0xc1, 0x89, 0x39, 0x8d, 0xb6, 0x06, 0xd8, 0xea, 0x7f, 0x2d, 0x36, 0x53,
427 0x96, 0x29, 0xbe, 0xb6, 0x75, 0xfc, 0xe7, 0xf3, 0x36, 0xd6, 0xf4, 0x8f,
428 0x16, 0xa6, 0xc7, 0xec, 0x7b, 0xce, 0x42, 0x8d, 0x48, 0x2e, 0xb7, 0x74,
429 0x00, 0x11, 0x52, 0x61, 0xb4, 0x19, 0x35, 0xec, 0x5c, 0xe4, 0xbe, 0x34,
430 0xc6, 0x59, 0x64, 0x5e, 0x42, 0x61, 0x70, 0x54, 0xf4, 0xe9, 0x6b, 0x53,
431 0x02, 0x01, 0x02, 0x04, 0x81, 0x83, 0x02, 0x81, 0x80, 0x64, 0xc2, 0xe3,
432 0x09, 0x69, 0x37, 0x3c, 0xd2, 0x4a, 0xba, 0xc3, 0x78, 0x6a, 0x9b, 0x8a,
433 0x2a, 0xdb, 0xe7, 0xe6, 0xc0, 0xfa, 0x3a, 0xbe, 0x39, 0x67, 0xc0, 0xa9,
434 0x2a, 0xf0, 0x0a, 0xc1, 0x53, 0x1c, 0xdb, 0xfa, 0x1a, 0x26, 0x98, 0xb0,
435 0x8c, 0xc6, 0x06, 0x4a, 0xa2, 0x48, 0xd3, 0xa4, 0x3b, 0xbd, 0x05, 0x48,
436 0xea, 0x59, 0xdb, 0x18, 0xa4, 0xca, 0x66, 0xd9, 0x5d, 0xb8, 0x95, 0xd1,
437 0xeb, 0x97, 0x3d, 0x66, 0x97, 0x5c, 0x86, 0x8f, 0x7e, 0x90, 0xd3, 0x43,
438 0xd1, 0xa2, 0x0d, 0xcb, 0xe7, 0xeb, 0x90, 0xea, 0x09, 0x40, 0xb1, 0x6f,
439 0xf7, 0x4c, 0xf2, 0x41, 0x83, 0x1d, 0xd0, 0x76, 0xef, 0xaf, 0x55, 0x6f,
440 0x5d, 0xa9, 0xa3, 0x55, 0x81, 0x2a, 0xd1, 0x5d, 0x9d, 0x22, 0x77, 0x97,
441 0x83, 0xde, 0xad, 0xb6, 0x5d, 0x19, 0xc1, 0x53, 0xec, 0xfb, 0xaf, 0x06,
442 0x2e, 0x87, 0x2a, 0x0b, 0x7a
447 static const unsigned char kCFBDefaultKey
[] = {
448 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, 0xAB, 0xF7, 0x15, 0x88,
449 0x09, 0xCF, 0x4F, 0x3C
452 static const unsigned char kGCMDefaultKey
[32] = { 0 };
454 static const unsigned char kGCMResetKey
[] = {
455 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, 0x6d, 0x6a, 0x8f, 0x94,
456 0x67, 0x30, 0x83, 0x08, 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
457 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
460 static const unsigned char iCFBIV
[] = {
461 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B,
462 0x0C, 0x0D, 0x0E, 0x0F
465 static const unsigned char iGCMDefaultIV
[12] = { 0 };
467 static const unsigned char iGCMResetIV1
[] = {
468 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad
471 static const unsigned char iGCMResetIV2
[] = {
472 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, 0xde, 0xca, 0xf8, 0x88
475 static const unsigned char cfbPlaintext
[] = {
476 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, 0xE9, 0x3D, 0x7E, 0x11,
477 0x73, 0x93, 0x17, 0x2A
480 static const unsigned char gcmDefaultPlaintext
[16] = { 0 };
482 static const unsigned char gcmResetPlaintext
[] = {
483 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, 0xa5, 0x59, 0x09, 0xc5,
484 0xaf, 0xf5, 0x26, 0x9a, 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
485 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, 0x1c, 0x3c, 0x0c, 0x95,
486 0x95, 0x68, 0x09, 0x53, 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
487 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, 0xba, 0x63, 0x7b, 0x39
490 static const unsigned char cfbCiphertext
[] = {
491 0x3B, 0x3F, 0xD9, 0x2E, 0xB7, 0x2D, 0xAD, 0x20, 0x33, 0x34, 0x49, 0xF8,
492 0xE8, 0x3C, 0xFB, 0x4A
495 static const unsigned char gcmDefaultCiphertext
[] = {
496 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e, 0x07, 0x4e, 0xc5, 0xd3,
497 0xba, 0xf3, 0x9d, 0x18
500 static const unsigned char gcmResetCiphertext1
[] = {
501 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32, 0xae, 0x47, 0xc1, 0x3b,
502 0xf1, 0x98, 0x44, 0xcb, 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
503 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0, 0xfe, 0xb5, 0x82, 0xd3,
504 0x39, 0x34, 0xa4, 0xf0, 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
505 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99, 0xf4, 0x7c, 0x9b, 0x1f
508 static const unsigned char gcmResetCiphertext2
[] = {
509 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, 0xf4, 0x7f, 0x37, 0xa3,
510 0x2a, 0x84, 0x42, 0x7d, 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
511 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, 0x8c, 0xb0, 0x8e, 0x48,
512 0x59, 0x0d, 0xbb, 0x3d, 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
513 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, 0xbc, 0xc9, 0xf6, 0x62
516 static const unsigned char gcmAAD
[] = {
517 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, 0xfe, 0xed, 0xfa, 0xce,
518 0xde, 0xad, 0xbe, 0xef, 0xab, 0xad, 0xda, 0xd2
521 static const unsigned char gcmDefaultTag
[] = {
522 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0, 0x26, 0x5b, 0x98, 0xb5,
523 0xd4, 0x8a, 0xb9, 0x19
526 static const unsigned char gcmResetTag1
[] = {
527 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4, 0x5e, 0x45, 0x49, 0x13,
528 0xfe, 0x2e, 0xa8, 0xf2
531 static const unsigned char gcmResetTag2
[] = {
532 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, 0xcd, 0xdf, 0x88, 0x53,
533 0xbb, 0x2d, 0x55, 0x1b
536 typedef struct APK_DATA_st
{
537 const unsigned char *kder
;
544 int type
; /* 0 for private, 1 for public, 2 for params */
547 static APK_DATA keydata
[] = {
548 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
},
549 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), "RSA", EVP_PKEY_RSA
},
550 #ifndef OPENSSL_NO_EC
551 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
}
555 static APK_DATA keycheckdata
[] = {
556 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), "RSA", EVP_PKEY_RSA
, 1, 1, 1,
558 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), "RSA", EVP_PKEY_RSA
,
560 #ifndef OPENSSL_NO_EC
561 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), "EC", EVP_PKEY_EC
, 1, 1, 1, 0},
562 /* group is also associated in our pub key */
563 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), "EC", EVP_PKEY_EC
, 0, 1,
565 {pExampleECParamDER
, sizeof(pExampleECParamDER
), "EC", EVP_PKEY_EC
, 0, 0, 1,
567 {kExampleED25519KeyDER
, sizeof(kExampleED25519KeyDER
), "ED25519",
568 EVP_PKEY_ED25519
, 1, 1, 1, 0},
569 {kExampleED25519PubKeyDER
, sizeof(kExampleED25519PubKeyDER
), "ED25519",
570 EVP_PKEY_ED25519
, 0, 1, 1, 1},
574 static EVP_PKEY
*load_example_key(const char *keytype
,
575 const unsigned char *data
, size_t data_len
)
577 const unsigned char **pdata
= &data
;
578 EVP_PKEY
*pkey
= NULL
;
579 OSSL_DECODER_CTX
*dctx
=
580 OSSL_DECODER_CTX_new_for_pkey(&pkey
, "DER", NULL
, keytype
, 0,
583 /* |pkey| will be NULL on error */
584 (void)OSSL_DECODER_from_data(dctx
, pdata
, &data_len
);
585 OSSL_DECODER_CTX_free(dctx
);
589 static EVP_PKEY
*load_example_rsa_key(void)
591 return load_example_key("RSA", kExampleRSAKeyDER
,
592 sizeof(kExampleRSAKeyDER
));
595 #ifndef OPENSSL_NO_DSA
596 static EVP_PKEY
*load_example_dsa_key(void)
598 return load_example_key("DSA", kExampleDSAKeyDER
,
599 sizeof(kExampleDSAKeyDER
));
603 #ifndef OPENSSL_NO_EC
604 static EVP_PKEY
*load_example_ec_key(void)
606 return load_example_key("EC", kExampleECKeyDER
,
607 sizeof(kExampleECKeyDER
));
611 #ifndef OPENSSL_NO_DEPRECATED_3_0
612 # ifndef OPENSSL_NO_DH
613 static EVP_PKEY
*load_example_dh_key(void)
615 return load_example_key("DH", kExampleDHKeyDER
,
616 sizeof(kExampleDHKeyDER
));
620 # ifndef OPENSSL_NO_EC
621 static EVP_PKEY
*load_example_ed25519_key(void)
623 return load_example_key("ED25519", kExampleED25519KeyDER
,
624 sizeof(kExampleED25519KeyDER
));
627 static EVP_PKEY
*load_example_x25519_key(void)
629 return load_example_key("X25519", kExampleX25519KeyDER
,
630 sizeof(kExampleX25519KeyDER
));
633 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
635 static EVP_PKEY
*load_example_hmac_key(void)
637 EVP_PKEY
*pkey
= NULL
;
638 unsigned char key
[] = {
639 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
640 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
641 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
644 pkey
= EVP_PKEY_new_raw_private_key_ex(testctx
, "HMAC",
645 NULL
, key
, sizeof(key
));
652 static int test_EVP_set_default_properties(void)
658 if (!TEST_ptr(ctx
= OSSL_LIB_CTX_new())
659 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
664 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
665 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
666 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
671 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
672 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
677 OSSL_LIB_CTX_free(ctx
);
681 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_EC)
682 static EVP_PKEY
*make_key_fromdata(char *keytype
, OSSL_PARAM
*params
)
684 EVP_PKEY_CTX
*pctx
= NULL
;
685 EVP_PKEY
*tmp_pkey
= NULL
, *pkey
= NULL
;
687 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, keytype
, testpropq
)))
689 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
690 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &tmp_pkey
, EVP_PKEY_KEYPAIR
,
694 if (!TEST_ptr(tmp_pkey
))
700 EVP_PKEY_free(tmp_pkey
);
701 EVP_PKEY_CTX_free(pctx
);
705 static int test_selection(EVP_PKEY
*pkey
, int selection
)
709 BIO
*bio
= BIO_new(BIO_s_mem());
711 ret
= PEM_write_bio_PUBKEY(bio
, pkey
);
712 if ((selection
& OSSL_KEYMGMT_SELECT_PUBLIC_KEY
) != 0) {
716 if (!TEST_false(ret
))
719 ret
= PEM_write_bio_PrivateKey_ex(bio
, pkey
, NULL
, NULL
, 0, NULL
, NULL
,
721 if ((selection
& OSSL_KEYMGMT_SELECT_PRIVATE_KEY
) != 0) {
725 if (!TEST_false(ret
))
735 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA || !OPENSSL_NO_EC */
738 * Test combinations of private, public, missing and private + public key
739 * params to ensure they are all accepted
741 #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_DSA)
742 static int test_EVP_PKEY_ffc_priv_pub(char *keytype
)
744 OSSL_PARAM_BLD
*bld
= NULL
;
745 OSSL_PARAM
*params
= NULL
;
746 EVP_PKEY
*just_params
= NULL
;
747 EVP_PKEY
*params_and_priv
= NULL
;
748 EVP_PKEY
*params_and_pub
= NULL
;
749 EVP_PKEY
*params_and_keypair
= NULL
;
750 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
754 * Setup the parameters for our pkey object. For our purposes they don't
755 * have to actually be *valid* parameters. We just need to set something.
757 if (!TEST_ptr(p
= BN_new())
758 || !TEST_ptr(q
= BN_new())
759 || !TEST_ptr(g
= BN_new())
760 || !TEST_ptr(pub
= BN_new())
761 || !TEST_ptr(priv
= BN_new()))
764 /* Test !priv and !pub */
765 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
766 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
767 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
768 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
)))
770 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
771 || !TEST_ptr(just_params
= make_key_fromdata(keytype
, params
)))
774 OSSL_PARAM_free(params
);
775 OSSL_PARAM_BLD_free(bld
);
779 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
780 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
783 /* Test priv and !pub */
784 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
785 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
786 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
787 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
788 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
791 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
792 || !TEST_ptr(params_and_priv
= make_key_fromdata(keytype
, params
)))
795 OSSL_PARAM_free(params
);
796 OSSL_PARAM_BLD_free(bld
);
800 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
)
801 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
804 /* Test !priv and pub */
805 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
806 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
807 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
808 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
809 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
812 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
813 || !TEST_ptr(params_and_pub
= make_key_fromdata(keytype
, params
)))
816 OSSL_PARAM_free(params
);
817 OSSL_PARAM_BLD_free(bld
);
821 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
822 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
825 /* Test priv and pub */
826 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
827 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
828 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
829 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
830 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
832 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
835 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
836 || !TEST_ptr(params_and_keypair
= make_key_fromdata(keytype
, params
)))
839 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
844 OSSL_PARAM_free(params
);
845 OSSL_PARAM_BLD_free(bld
);
846 EVP_PKEY_free(just_params
);
847 EVP_PKEY_free(params_and_priv
);
848 EVP_PKEY_free(params_and_pub
);
849 EVP_PKEY_free(params_and_keypair
);
858 #endif /* !OPENSSL_NO_DH || !OPENSSL_NO_DSA */
861 * Test combinations of private, public, missing and private + public key
862 * params to ensure they are all accepted for EC keys
864 #ifndef OPENSSL_NO_EC
865 static unsigned char ec_priv
[] = {
866 0xe9, 0x25, 0xf7, 0x66, 0x58, 0xa4, 0xdd, 0x99, 0x61, 0xe7, 0xe8, 0x23,
867 0x85, 0xc2, 0xe8, 0x33, 0x27, 0xc5, 0x5c, 0xeb, 0xdb, 0x43, 0x9f, 0xd5,
868 0xf2, 0x5a, 0x75, 0x55, 0xd0, 0x2e, 0x6d, 0x16
870 static unsigned char ec_pub
[] = {
871 0x04, 0xad, 0x11, 0x90, 0x77, 0x4b, 0x46, 0xee, 0x72, 0x51, 0x15, 0x97,
872 0x4a, 0x6a, 0xa7, 0xaf, 0x59, 0xfa, 0x4b, 0xf2, 0x41, 0xc8, 0x3a, 0x81,
873 0x23, 0xb6, 0x90, 0x04, 0x6c, 0x67, 0x66, 0xd0, 0xdc, 0xf2, 0x15, 0x1d,
874 0x41, 0x61, 0xb7, 0x95, 0x85, 0x38, 0x5a, 0x84, 0x56, 0xe8, 0xb3, 0x0e,
875 0xf5, 0xc6, 0x5d, 0xa4, 0x54, 0x26, 0xb0, 0xf7, 0xa5, 0x4a, 0x33, 0xf1,
876 0x08, 0x09, 0xb8, 0xdb, 0x03
879 static int test_EC_priv_pub(void)
881 OSSL_PARAM_BLD
*bld
= NULL
;
882 OSSL_PARAM
*params
= NULL
;
883 EVP_PKEY
*just_params
= NULL
;
884 EVP_PKEY
*params_and_priv
= NULL
;
885 EVP_PKEY
*params_and_pub
= NULL
;
886 EVP_PKEY
*params_and_keypair
= NULL
;
891 * Setup the parameters for our pkey object. For our purposes they don't
892 * have to actually be *valid* parameters. We just need to set something.
894 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
897 /* Test !priv and !pub */
898 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
899 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
900 OSSL_PKEY_PARAM_GROUP_NAME
,
903 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
904 || !TEST_ptr(just_params
= make_key_fromdata("EC", params
)))
907 OSSL_PARAM_free(params
);
908 OSSL_PARAM_BLD_free(bld
);
912 if (!test_selection(just_params
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
913 || test_selection(just_params
, OSSL_KEYMGMT_SELECT_KEYPAIR
))
916 /* Test priv and !pub */
917 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
918 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
919 OSSL_PKEY_PARAM_GROUP_NAME
,
921 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
924 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
925 || !TEST_ptr(params_and_priv
= make_key_fromdata("EC", params
)))
928 OSSL_PARAM_free(params
);
929 OSSL_PARAM_BLD_free(bld
);
934 * We indicate only parameters here, in spite of having built a key that
935 * has a private part, because the PEM_write_bio_PrivateKey_ex call is
936 * expected to fail because it does not support exporting a private EC
937 * key without a corresponding public key
939 if (!test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_ALL_PARAMETERS
)
940 || test_selection(params_and_priv
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
))
943 /* Test !priv and pub */
944 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
945 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
946 OSSL_PKEY_PARAM_GROUP_NAME
,
948 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
949 OSSL_PKEY_PARAM_PUB_KEY
,
950 ec_pub
, sizeof(ec_pub
))))
952 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
953 || !TEST_ptr(params_and_pub
= make_key_fromdata("EC", params
)))
956 OSSL_PARAM_free(params
);
957 OSSL_PARAM_BLD_free(bld
);
961 if (!test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PUBLIC_KEY
)
962 || test_selection(params_and_pub
, OSSL_KEYMGMT_SELECT_PRIVATE_KEY
))
965 /* Test priv and pub */
966 if (!TEST_ptr(bld
= OSSL_PARAM_BLD_new())
967 || !TEST_true(OSSL_PARAM_BLD_push_utf8_string(bld
,
968 OSSL_PKEY_PARAM_GROUP_NAME
,
970 || !TEST_true(OSSL_PARAM_BLD_push_octet_string(bld
,
971 OSSL_PKEY_PARAM_PUB_KEY
,
972 ec_pub
, sizeof(ec_pub
)))
973 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
976 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
))
977 || !TEST_ptr(params_and_keypair
= make_key_fromdata("EC", params
)))
980 if (!test_selection(params_and_keypair
, EVP_PKEY_KEYPAIR
))
985 OSSL_PARAM_free(params
);
986 OSSL_PARAM_BLD_free(bld
);
987 EVP_PKEY_free(just_params
);
988 EVP_PKEY_free(params_and_priv
);
989 EVP_PKEY_free(params_and_pub
);
990 EVP_PKEY_free(params_and_keypair
);
996 /* Test that using a legacy EC key with only a private key in it works */
997 # ifndef OPENSSL_NO_DEPRECATED_3_0
998 static int test_EC_priv_only_legacy(void)
1000 BIGNUM
*priv
= NULL
;
1002 EC_KEY
*eckey
= NULL
;
1003 EVP_PKEY
*pkey
= NULL
, *dup_pk
= NULL
;
1004 EVP_MD_CTX
*ctx
= NULL
;
1006 /* Create the low level EC_KEY */
1007 if (!TEST_ptr(priv
= BN_bin2bn(ec_priv
, sizeof(ec_priv
), NULL
)))
1010 eckey
= EC_KEY_new_by_curve_name(NID_X9_62_prime256v1
);
1011 if (!TEST_ptr(eckey
))
1014 if (!TEST_true(EC_KEY_set_private_key(eckey
, priv
)))
1017 pkey
= EVP_PKEY_new();
1018 if (!TEST_ptr(pkey
))
1021 if (!TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1025 while (dup_pk
== NULL
) {
1027 ctx
= EVP_MD_CTX_new();
1032 * The EVP_DigestSignInit function should create the key on the
1033 * provider side which is sufficient for this test.
1035 if (!TEST_true(EVP_DigestSignInit_ex(ctx
, NULL
, NULL
, testctx
,
1036 testpropq
, pkey
, NULL
)))
1038 EVP_MD_CTX_free(ctx
);
1041 if (!TEST_ptr(dup_pk
= EVP_PKEY_dup(pkey
)))
1043 /* EVP_PKEY_eq() returns -2 with missing public keys */
1044 ret
= TEST_int_eq(EVP_PKEY_eq(pkey
, dup_pk
), -2);
1045 EVP_PKEY_free(pkey
);
1052 EVP_MD_CTX_free(ctx
);
1053 EVP_PKEY_free(pkey
);
1059 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
1060 #endif /* OPENSSL_NO_EC */
1062 static int test_EVP_PKEY_sign(int tst
)
1065 EVP_PKEY
*pkey
= NULL
;
1066 unsigned char *sig
= NULL
;
1067 size_t sig_len
= 0, shortsig_len
= 1;
1068 EVP_PKEY_CTX
*ctx
= NULL
;
1069 unsigned char tbs
[] = {
1070 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1071 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
1075 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1077 } else if (tst
== 1) {
1078 #ifndef OPENSSL_NO_DSA
1079 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1086 #ifndef OPENSSL_NO_EC
1087 if (!TEST_ptr(pkey
= load_example_ec_key()))
1095 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, NULL
);
1097 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0)
1098 || !TEST_int_gt(EVP_PKEY_sign(ctx
, NULL
, &sig_len
, tbs
,
1101 sig
= OPENSSL_malloc(sig_len
);
1103 /* Test sending a signature buffer that is too short is rejected */
1104 || !TEST_int_le(EVP_PKEY_sign(ctx
, sig
, &shortsig_len
, tbs
,
1106 || !TEST_int_gt(EVP_PKEY_sign(ctx
, sig
, &sig_len
, tbs
, sizeof(tbs
)),
1108 /* Test the signature round-trips */
1109 || !TEST_int_gt(EVP_PKEY_verify_init(ctx
), 0)
1110 || !TEST_int_gt(EVP_PKEY_verify(ctx
, sig
, sig_len
, tbs
, sizeof(tbs
)),
1116 EVP_PKEY_CTX_free(ctx
);
1118 EVP_PKEY_free(pkey
);
1123 * n = 0 => test using legacy cipher
1124 * n = 1 => test using fetched cipher
1126 static int test_EVP_Enveloped(int n
)
1129 EVP_CIPHER_CTX
*ctx
= NULL
;
1130 EVP_PKEY
*keypair
= NULL
;
1131 unsigned char *kek
= NULL
;
1132 unsigned char iv
[EVP_MAX_IV_LENGTH
];
1133 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
1134 int len
, kek_len
, ciphertext_len
, plaintext_len
;
1135 unsigned char ciphertext
[32], plaintext
[16];
1136 EVP_CIPHER
*type
= NULL
;
1138 if (nullprov
!= NULL
)
1139 return TEST_skip("Test does not support a non-default library context");
1142 type
= (EVP_CIPHER
*)EVP_aes_256_cbc();
1143 else if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "AES-256-CBC",
1147 if (!TEST_ptr(keypair
= load_example_rsa_key())
1148 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_get_size(keypair
)))
1149 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1150 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
1152 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
1154 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
1158 ciphertext_len
+= len
;
1160 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
1161 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
1162 ciphertext
, ciphertext_len
))
1163 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
1166 plaintext_len
+= len
;
1167 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
1173 EVP_CIPHER_free(type
);
1175 EVP_PKEY_free(keypair
);
1176 EVP_CIPHER_CTX_free(ctx
);
1181 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
1182 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
1183 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
1184 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
1185 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
1186 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
1187 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
1188 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
1189 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
1190 * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
1191 * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
1192 * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
1193 * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
1194 * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
1195 * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
1196 * Test 15-29: Same as above with reinitialization
1198 static int test_EVP_DigestSignInit(int tst
)
1201 EVP_PKEY
*pkey
= NULL
;
1202 unsigned char *sig
= NULL
, *sig2
= NULL
;
1203 size_t sig_len
= 0, sig2_len
= 0, shortsig_len
= 1;
1204 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
1205 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
1206 BIO
*mdbio
= NULL
, *membio
= NULL
;
1209 EVP_MD
*mdexp
= NULL
;
1212 if (nullprov
!= NULL
)
1213 return TEST_skip("Test does not support a non-default library context");
1220 if (tst
>= 6 && tst
<= 8) {
1221 membio
= BIO_new(BIO_s_mem());
1222 mdbio
= BIO_new(BIO_f_md());
1223 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
1225 BIO_push(mdbio
, membio
);
1226 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
1229 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
1230 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
1235 if (!TEST_ptr(pkey
= load_example_rsa_key()))
1237 } else if (tst
% 3 == 1) {
1238 #ifndef OPENSSL_NO_DSA
1239 if (!TEST_ptr(pkey
= load_example_dsa_key()))
1246 if (!TEST_ptr(pkey
= load_example_hmac_key()))
1250 if (tst
>= 3 && tst
<= 5)
1251 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
1255 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
1258 if (reinit
&& !TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, NULL
, NULL
, NULL
)))
1261 if (tst
>= 6 && tst
<= 8) {
1262 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
1264 } else if (tst
< 6) {
1265 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1270 /* Determine the size of the signature. */
1271 if (!TEST_true(EVP_DigestSign(md_ctx
, NULL
, &sig_len
, kMsg
,
1273 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1276 /* Test that supply a short sig buffer fails */
1277 if (!TEST_false(EVP_DigestSign(md_ctx
, sig
, &shortsig_len
, kMsg
,
1281 * We end here because once EVP_DigestSign() has failed you should
1282 * not call it again without re-initing the ctx
1287 if (!TEST_true(EVP_DigestSign(md_ctx
, sig
, &sig_len
, kMsg
,
1291 /* Determine the size of the signature. */
1292 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
1293 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
1295 * Trying to create a signature with a deliberately short
1296 * buffer should fail.
1298 || !TEST_false(EVP_DigestSignFinal(md_ctx
, sig
, &shortsig_len
))
1299 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1304 * Ensure that the signature round-trips (Verification isn't supported for
1305 * HMAC via EVP_DigestVerify*)
1308 if (tst
>= 6 && tst
<= 8) {
1309 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
1310 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
1314 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
1318 if (tst
>= 6 && tst
<= 8) {
1319 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
1322 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
1326 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1329 /* Multiple calls to EVP_DigestVerifyFinal should work */
1330 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1334 * For HMAC a doubled call to DigestSignFinal should produce the same
1335 * value as finalization should not happen.
1337 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig2_len
))
1338 || !TEST_ptr(sig2
= OPENSSL_malloc(sig2_len
))
1339 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig2
, &sig2_len
)))
1342 if (!TEST_mem_eq(sig
, sig_len
, sig2
, sig2_len
))
1351 EVP_MD_CTX_free(a_md_ctx
);
1352 EVP_MD_CTX_free(a_md_ctx_verify
);
1353 EVP_PKEY_free(pkey
);
1361 static int test_EVP_DigestVerifyInit(void)
1364 EVP_PKEY
*pkey
= NULL
;
1365 EVP_MD_CTX
*md_ctx
= NULL
;
1367 if (nullprov
!= NULL
)
1368 return TEST_skip("Test does not support a non-default library context");
1370 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
1371 || !TEST_ptr(pkey
= load_example_rsa_key()))
1374 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
1375 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1376 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1377 sizeof(kSignature
)), 0))
1380 /* test with reinitialization */
1381 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, NULL
, NULL
, NULL
))
1382 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1383 || !TEST_int_gt(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
1384 sizeof(kSignature
)), 0))
1389 EVP_MD_CTX_free(md_ctx
);
1390 EVP_PKEY_free(pkey
);
1394 #ifndef OPENSSL_NO_SIPHASH
1395 /* test SIPHASH MAC via EVP_PKEY with non-default parameters and reinit */
1396 static int test_siphash_digestsign(void)
1398 unsigned char key
[16];
1399 unsigned char buf
[8], digest
[8];
1400 unsigned char expected
[8] = {
1401 0x6d, 0x3e, 0x54, 0xc2, 0x2f, 0xf1, 0xfe, 0xe2
1403 EVP_PKEY
*pkey
= NULL
;
1404 EVP_MD_CTX
*mdctx
= NULL
;
1405 EVP_PKEY_CTX
*ctx
= NULL
;
1409 if (nullprov
!= NULL
)
1410 return TEST_skip("Test does not support a non-default library context");
1414 if (!TEST_ptr(pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_SIPHASH
, NULL
,
1418 if (!TEST_ptr(mdctx
= EVP_MD_CTX_create()))
1421 if (!TEST_true(EVP_DigestSignInit(mdctx
, &ctx
, NULL
, NULL
, pkey
)))
1423 if (!TEST_int_eq(EVP_PKEY_CTX_ctrl(ctx
, -1, EVP_PKEY_OP_SIGNCTX
,
1424 EVP_PKEY_CTRL_SET_DIGEST_SIZE
,
1428 if (!TEST_true(EVP_DigestSignInit(mdctx
, NULL
, NULL
, NULL
, NULL
)))
1430 if (!TEST_true(EVP_DigestSignUpdate(mdctx
, buf
, 8)))
1432 if (!TEST_true(EVP_DigestSignFinal(mdctx
, digest
, &len
)))
1434 if (!TEST_mem_eq(digest
, len
, expected
, sizeof(expected
)))
1439 EVP_PKEY_free(pkey
);
1440 EVP_MD_CTX_free(mdctx
);
1446 * Test corner cases of EVP_DigestInit/Update/Final API call behavior.
1448 static int test_EVP_Digest(void)
1451 EVP_MD_CTX
*md_ctx
= NULL
;
1452 unsigned char md
[EVP_MAX_MD_SIZE
];
1453 EVP_MD
*sha256
= NULL
;
1454 EVP_MD
*shake256
= NULL
;
1456 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1459 if (!TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", testpropq
))
1460 || !TEST_ptr(shake256
= EVP_MD_fetch(testctx
, "shake256", testpropq
)))
1463 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1464 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1465 || !TEST_true(EVP_DigestFinal(md_ctx
, md
, NULL
))
1466 /* EVP_DigestFinal resets the EVP_MD_CTX. */
1467 || !TEST_ptr_eq(EVP_MD_CTX_get0_md(md_ctx
), NULL
))
1470 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, sha256
, NULL
))
1471 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1472 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md
, NULL
))
1473 /* EVP_DigestFinal_ex does not reset the EVP_MD_CTX. */
1474 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1476 * EVP_DigestInit_ex with NULL type should work on
1477 * pre-initialized context.
1479 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1482 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, shake256
, NULL
))
1483 || !TEST_true(EVP_DigestUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
1484 || !TEST_true(EVP_DigestFinalXOF(md_ctx
, md
, sizeof(md
)))
1485 /* EVP_DigestFinalXOF does not reset the EVP_MD_CTX. */
1486 || !TEST_ptr(EVP_MD_CTX_get0_md(md_ctx
))
1487 || !TEST_true(EVP_DigestInit_ex(md_ctx
, NULL
, NULL
)))
1492 EVP_MD_CTX_free(md_ctx
);
1493 EVP_MD_free(sha256
);
1494 EVP_MD_free(shake256
);
1498 static int test_EVP_md_null(void)
1501 EVP_MD_CTX
*md_ctx
= NULL
;
1502 const EVP_MD
*md_null
= EVP_md_null();
1503 unsigned char md_value
[EVP_MAX_MD_SIZE
];
1504 unsigned int md_len
= sizeof(md_value
);
1506 if (nullprov
!= NULL
)
1507 return TEST_skip("Test does not support a non-default library context");
1509 if (!TEST_ptr(md_null
)
1510 || !TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1513 if (!TEST_true(EVP_DigestInit_ex(md_ctx
, md_null
, NULL
))
1514 || !TEST_true(EVP_DigestUpdate(md_ctx
, "test", 4))
1515 || !TEST_true(EVP_DigestFinal_ex(md_ctx
, md_value
, &md_len
)))
1518 if (!TEST_uint_eq(md_len
, 0))
1523 EVP_MD_CTX_free(md_ctx
);
1527 static int test_d2i_AutoPrivateKey(int i
)
1530 const unsigned char *p
;
1531 EVP_PKEY
*pkey
= NULL
;
1532 const APK_DATA
*ak
= &keydata
[i
];
1533 const unsigned char *input
= ak
->kder
;
1534 size_t input_len
= ak
->size
;
1535 int expected_id
= ak
->evptype
;
1538 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1539 || !TEST_ptr_eq(p
, input
+ input_len
)
1540 || !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
1546 EVP_PKEY_free(pkey
);
1550 #ifndef OPENSSL_NO_EC
1552 static const unsigned char ec_public_sect163k1_validxy
[] = {
1553 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1554 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1555 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1556 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
1557 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1558 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1561 static const unsigned char ec_public_sect163k1_badx
[] = {
1562 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1563 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1564 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1565 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
1566 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1567 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
1570 static const unsigned char ec_public_sect163k1_bady
[] = {
1571 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
1572 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
1573 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
1574 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
1575 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
1576 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
1579 static struct ec_der_pub_keys_st
{
1580 const unsigned char *der
;
1583 } ec_der_pub_keys
[] = {
1584 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
1585 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
1586 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
1590 * Tests the range of the decoded EC char2 public point.
1591 * See ec_GF2m_simple_oct2point().
1593 static int test_invalide_ec_char2_pub_range_decode(int id
)
1598 pkey
= load_example_key("EC", ec_der_pub_keys
[id
].der
,
1599 ec_der_pub_keys
[id
].len
);
1601 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(pkey
))
1602 || TEST_ptr_null(pkey
);
1603 EVP_PKEY_free(pkey
);
1607 /* Tests loading a bad key in PKCS8 format */
1608 static int test_EVP_PKCS82PKEY(void)
1611 const unsigned char *derp
= kExampleBadECKeyDER
;
1612 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1613 EVP_PKEY
*pkey
= NULL
;
1615 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
1616 sizeof(kExampleBadECKeyDER
))))
1619 if (!TEST_ptr_eq(derp
,
1620 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
1623 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
1629 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1630 EVP_PKEY_free(pkey
);
1636 static int test_EVP_PKCS82PKEY_wrong_tag(void)
1638 EVP_PKEY
*pkey
= NULL
;
1639 EVP_PKEY
*pkey2
= NULL
;
1641 char *membuf
= NULL
;
1642 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
1645 if (testctx
!= NULL
)
1646 /* test not supported with non-default context */
1649 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1650 || !TEST_ptr(pkey
= load_example_rsa_key())
1651 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1652 NULL
, 0, NULL
, NULL
),
1654 || !TEST_int_gt(BIO_get_mem_data(membio
, &membuf
), 0)
1655 || !TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO_bio(membio
, NULL
))
1656 || !TEST_ptr(pkey2
= EVP_PKCS82PKEY(p8inf
))
1657 || !TEST_int_eq(ERR_peek_last_error(), 0)) {
1663 EVP_PKEY_free(pkey
);
1664 EVP_PKEY_free(pkey2
);
1665 PKCS8_PRIV_KEY_INFO_free(p8inf
);
1666 BIO_free_all(membio
);
1670 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
1671 static int test_privatekey_to_pkcs8(void)
1673 EVP_PKEY
*pkey
= NULL
;
1675 char *membuf
= NULL
;
1676 long membuf_len
= 0;
1679 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
1680 || !TEST_ptr(pkey
= load_example_rsa_key())
1681 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
1682 NULL
, 0, NULL
, NULL
),
1684 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
1685 || !TEST_ptr(membuf
)
1686 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
1687 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
1689 * We try to write PEM as well, just to see that it doesn't err, but
1690 * assume that the result is correct.
1692 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
1693 NULL
, 0, NULL
, NULL
),
1699 EVP_PKEY_free(pkey
);
1700 BIO_free_all(membio
);
1704 #ifndef OPENSSL_NO_EC
1705 static const struct {
1707 const char *encoding_name
;
1708 } ec_encodings
[] = {
1709 { OPENSSL_EC_EXPLICIT_CURVE
, OSSL_PKEY_EC_ENCODING_EXPLICIT
},
1710 { OPENSSL_EC_NAMED_CURVE
, OSSL_PKEY_EC_ENCODING_GROUP
}
1713 static int ec_export_get_encoding_cb(const OSSL_PARAM params
[], void *arg
)
1715 const OSSL_PARAM
*p
;
1716 const char *enc_name
= NULL
;
1722 if (!TEST_ptr(p
= OSSL_PARAM_locate_const(params
,
1723 OSSL_PKEY_PARAM_EC_ENCODING
))
1724 || !TEST_true(OSSL_PARAM_get_utf8_string_ptr(p
, &enc_name
)))
1727 for (i
= 0; i
< OSSL_NELEM(ec_encodings
); i
++) {
1728 if (strcasecmp(enc_name
, ec_encodings
[i
].encoding_name
) == 0) {
1729 *enc
= ec_encodings
[i
].encoding
;
1734 return (*enc
!= -1);
1737 static int test_EC_keygen_with_enc(int idx
)
1739 EVP_PKEY
*params
= NULL
, *key
= NULL
;
1740 EVP_PKEY_CTX
*pctx
= NULL
, *kctx
= NULL
;
1744 enc
= ec_encodings
[idx
].encoding
;
1746 /* Create key parameters */
1747 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "EC", NULL
))
1748 || !TEST_int_gt(EVP_PKEY_paramgen_init(pctx
), 0)
1749 || !TEST_true(EVP_PKEY_CTX_set_group_name(pctx
, "P-256"))
1750 || !TEST_true(EVP_PKEY_CTX_set_ec_param_enc(pctx
, enc
))
1751 || !TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
))
1752 || !TEST_ptr(params
))
1756 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, params
, NULL
))
1757 || !TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
1758 || !TEST_true(EVP_PKEY_keygen(kctx
, &key
))
1762 /* Check that the encoding got all the way into the key */
1763 if (!TEST_true(evp_keymgmt_util_export(key
, OSSL_KEYMGMT_SELECT_ALL
,
1764 ec_export_get_encoding_cb
, &enc
))
1765 || !TEST_int_eq(enc
, ec_encodings
[idx
].encoding
))
1771 EVP_PKEY_free(params
);
1772 EVP_PKEY_CTX_free(kctx
);
1773 EVP_PKEY_CTX_free(pctx
);
1778 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1780 static int test_EVP_SM2_verify(void)
1782 const char *pubkey
=
1783 "-----BEGIN PUBLIC KEY-----\n"
1784 "MFkwEwYHKoZIzj0CAQYIKoEcz1UBgi0DQgAEp1KLWq1ZE2jmoAnnBJE1LBGxVr18\n"
1785 "YvvqECWCpXfAQ9qUJ+UmthnUPf0iM3SaXKHe6PlLIDyNlWMWb9RUh/yU3g==\n"
1786 "-----END PUBLIC KEY-----\n";
1788 const char *msg
= "message digest";
1789 const char *id
= "ALICE123@YAHOO.COM";
1791 const uint8_t signature
[] = {
1792 0x30, 0x44, 0x02, 0x20, 0x5b, 0xdb, 0xab, 0x81, 0x4f, 0xbb,
1793 0x8b, 0x69, 0xb1, 0x05, 0x9c, 0x99, 0x3b, 0xb2, 0x45, 0x06,
1794 0x4a, 0x30, 0x15, 0x59, 0x84, 0xcd, 0xee, 0x30, 0x60, 0x36,
1795 0x57, 0x87, 0xef, 0x5c, 0xd0, 0xbe, 0x02, 0x20, 0x43, 0x8d,
1796 0x1f, 0xc7, 0x77, 0x72, 0x39, 0xbb, 0x72, 0xe1, 0xfd, 0x07,
1797 0x58, 0xd5, 0x82, 0xc8, 0x2d, 0xba, 0x3b, 0x2c, 0x46, 0x24,
1798 0xe3, 0x50, 0xff, 0x04, 0xc7, 0xa0, 0x71, 0x9f, 0xa4, 0x70
1803 EVP_PKEY
*pkey
= NULL
;
1804 EVP_MD_CTX
*mctx
= NULL
;
1805 EVP_PKEY_CTX
*pctx
= NULL
;
1808 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
1809 if (!TEST_true(bio
!= NULL
))
1812 pkey
= PEM_read_bio_PUBKEY_ex(bio
, NULL
, NULL
, NULL
, testctx
, testpropq
);
1813 if (!TEST_true(pkey
!= NULL
))
1816 if (!TEST_true(EVP_PKEY_is_a(pkey
, "SM2")))
1819 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
1822 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1825 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
1827 if (!TEST_ptr(sm3
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1830 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, sm3
, NULL
, pkey
)))
1833 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, id
, strlen(id
)), 0))
1836 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
1839 if (!TEST_int_gt(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
)), 0))
1845 EVP_PKEY_free(pkey
);
1846 EVP_PKEY_CTX_free(pctx
);
1847 EVP_MD_CTX_free(mctx
);
1852 static int test_EVP_SM2(void)
1855 EVP_PKEY
*pkey
= NULL
;
1856 EVP_PKEY
*pkeyparams
= NULL
;
1857 EVP_PKEY_CTX
*pctx
= NULL
;
1858 EVP_PKEY_CTX
*kctx
= NULL
;
1859 EVP_PKEY_CTX
*sctx
= NULL
;
1861 unsigned char *sig
= NULL
;
1862 EVP_MD_CTX
*md_ctx
= NULL
;
1863 EVP_MD_CTX
*md_ctx_verify
= NULL
;
1864 EVP_PKEY_CTX
*cctx
= NULL
;
1865 EVP_MD
*check_md
= NULL
;
1867 uint8_t ciphertext
[128];
1868 size_t ctext_len
= sizeof(ciphertext
);
1870 uint8_t plaintext
[8];
1871 size_t ptext_len
= sizeof(plaintext
);
1873 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
1875 OSSL_PARAM sparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1876 OSSL_PARAM gparams
[2] = {OSSL_PARAM_END
, OSSL_PARAM_END
};
1878 char mdname
[OSSL_MAX_NAME_SIZE
];
1880 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
,
1884 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
1887 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
1890 if (!TEST_true(EVP_PKEY_paramgen(pctx
, &pkeyparams
)))
1893 if (!TEST_ptr(kctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1894 pkeyparams
, testpropq
)))
1897 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0))
1900 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
1903 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
1906 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
1909 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
1912 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
1913 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
1915 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, "sm3", testpropq
)))
1918 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, check_md
, NULL
, pkey
)))
1921 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1924 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
1927 /* Determine the size of the signature. */
1928 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
1931 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
1934 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
1937 /* Ensure that the signature round-trips. */
1939 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, check_md
, NULL
,
1943 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
1946 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1949 if (!TEST_int_gt(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
), 0))
1952 /* now check encryption/decryption */
1954 gparams
[0] = OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1955 mdname
, sizeof(mdname
));
1956 for (i
= 0; i
< 2; i
++) {
1957 const char *mdnames
[] = {
1958 #ifndef OPENSSL_NO_SM3
1964 EVP_PKEY_CTX_free(cctx
);
1966 if (mdnames
[i
] == NULL
)
1970 OSSL_PARAM_construct_utf8_string(OSSL_ASYM_CIPHER_PARAM_DIGEST
,
1971 (char *)mdnames
[i
], 0);
1973 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new_from_pkey(testctx
,
1977 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1980 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1983 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
,
1987 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1990 if (!TEST_true(EVP_PKEY_CTX_set_params(cctx
, sparams
)))
1993 if (!TEST_int_gt(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
,
1997 if (!TEST_true(EVP_PKEY_CTX_get_params(cctx
, gparams
)))
2001 * Test we're still using the digest we think we are.
2002 * Because of aliases, the easiest is to fetch the digest and
2003 * check the name with EVP_MD_is_a().
2005 EVP_MD_free(check_md
);
2006 if (!TEST_ptr(check_md
= EVP_MD_fetch(testctx
, mdname
, testpropq
)))
2008 if (!TEST_true(EVP_MD_is_a(check_md
, mdnames
[i
]))) {
2009 TEST_info("Fetched md %s isn't %s", mdname
, mdnames
[i
]);
2013 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
2016 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
2022 EVP_PKEY_CTX_free(pctx
);
2023 EVP_PKEY_CTX_free(kctx
);
2024 EVP_PKEY_CTX_free(sctx
);
2025 EVP_PKEY_CTX_free(cctx
);
2026 EVP_PKEY_free(pkey
);
2027 EVP_PKEY_free(pkeyparams
);
2028 EVP_MD_CTX_free(md_ctx
);
2029 EVP_MD_CTX_free(md_ctx_verify
);
2030 EVP_MD_free(check_md
);
2037 static struct keys_st
{
2043 EVP_PKEY_HMAC
, "0123456789", NULL
2046 EVP_PKEY_HMAC
, "", NULL
2047 #ifndef OPENSSL_NO_POLY1305
2049 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
2051 #ifndef OPENSSL_NO_SIPHASH
2053 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
2056 #ifndef OPENSSL_NO_EC
2058 EVP_PKEY_X25519
, "01234567890123456789012345678901",
2059 "abcdefghijklmnopqrstuvwxyzabcdef"
2061 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
2062 "abcdefghijklmnopqrstuvwxyzabcdef"
2065 "01234567890123456789012345678901234567890123456789012345",
2066 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
2069 "012345678901234567890123456789012345678901234567890123456",
2070 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
2075 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
2078 unsigned char buf
[80];
2080 size_t inlen
, len
= 0, shortlen
= 1;
2083 /* Check if this algorithm supports public keys */
2084 if (pub
&& keys
[tst
].pub
== NULL
)
2087 memset(buf
, 0, sizeof(buf
));
2090 #ifndef OPENSSL_NO_EC
2091 inlen
= strlen(keys
[tst
].pub
);
2092 in
= (unsigned char *)keys
[tst
].pub
;
2094 pkey
= EVP_PKEY_new_raw_public_key_ex(
2096 OBJ_nid2sn(keys
[tst
].type
),
2101 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
2110 inlen
= strlen(keys
[tst
].priv
);
2111 in
= (unsigned char *)keys
[tst
].priv
;
2113 pkey
= EVP_PKEY_new_raw_private_key_ex(
2114 testctx
, OBJ_nid2sn(keys
[tst
].type
),
2119 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
2127 || !TEST_int_eq(EVP_PKEY_eq(pkey
, pkey
), 1)
2128 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
2129 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
2130 || !TEST_true(len
== inlen
))
2134 * Test that supplying a buffer that is too small fails. Doesn't apply
2135 * to HMAC with a zero length key
2137 if ((!pub
&& !TEST_false(EVP_PKEY_get_raw_private_key(pkey
, buf
,
2139 || (pub
&& !TEST_false(EVP_PKEY_get_raw_public_key(pkey
, buf
,
2143 if ((!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
2144 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
2145 || !TEST_mem_eq(in
, inlen
, buf
, len
))
2150 EVP_PKEY_free(pkey
);
2154 static int test_set_get_raw_keys(int tst
)
2156 return (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 0, 0))
2157 && test_set_get_raw_keys_int(tst
, 0, 1)
2158 && (nullprov
!= NULL
|| test_set_get_raw_keys_int(tst
, 1, 0))
2159 && test_set_get_raw_keys_int(tst
, 1, 1);
2162 #ifndef OPENSSL_NO_DEPRECATED_3_0
2163 static int pkey_custom_check(EVP_PKEY
*pkey
)
2168 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
2173 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
2178 static EVP_PKEY_METHOD
*custom_pmeth
;
2181 static int test_EVP_PKEY_check(int i
)
2184 EVP_PKEY
*pkey
= NULL
;
2185 EVP_PKEY_CTX
*ctx
= NULL
;
2186 #ifndef OPENSSL_NO_DEPRECATED_3_0
2187 EVP_PKEY_CTX
*ctx2
= NULL
;
2189 const APK_DATA
*ak
= &keycheckdata
[i
];
2190 const unsigned char *input
= ak
->kder
;
2191 size_t input_len
= ak
->size
;
2192 int expected_id
= ak
->evptype
;
2193 int expected_check
= ak
->check
;
2194 int expected_pub_check
= ak
->pub_check
;
2195 int expected_param_check
= ak
->param_check
;
2196 int type
= ak
->type
;
2198 if (!TEST_ptr(pkey
= load_example_key(ak
->keytype
, input
, input_len
)))
2201 && !TEST_int_eq(EVP_PKEY_get_id(pkey
), expected_id
))
2204 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
)))
2207 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
2210 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
2213 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
2216 #ifndef OPENSSL_NO_DEPRECATED_3_0
2217 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
2218 /* assign the pkey directly, as an internal test */
2219 EVP_PKEY_up_ref(pkey
);
2222 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
2225 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
2228 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
2235 EVP_PKEY_CTX_free(ctx
);
2236 #ifndef OPENSSL_NO_DEPRECATED_3_0
2237 EVP_PKEY_CTX_free(ctx2
);
2239 EVP_PKEY_free(pkey
);
2243 #ifndef OPENSSL_NO_CMAC
2244 static int get_cmac_val(EVP_PKEY
*pkey
, unsigned char *mac
)
2246 EVP_MD_CTX
*mdctx
= EVP_MD_CTX_new();
2247 const char msg
[] = "Hello World";
2248 size_t maclen
= AES_BLOCK_SIZE
;
2251 if (!TEST_ptr(mdctx
)
2252 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, NULL
, testctx
,
2253 testpropq
, pkey
, NULL
))
2254 || !TEST_true(EVP_DigestSignUpdate(mdctx
, msg
, sizeof(msg
)))
2255 || !TEST_true(EVP_DigestSignFinal(mdctx
, mac
, &maclen
))
2256 || !TEST_size_t_eq(maclen
, AES_BLOCK_SIZE
))
2259 EVP_MD_CTX_free(mdctx
);
2263 static int test_CMAC_keygen(void)
2265 static unsigned char key
[] = {
2266 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2267 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2268 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
2270 EVP_PKEY_CTX
*kctx
= NULL
;
2272 EVP_PKEY
*pkey
= NULL
;
2273 unsigned char mac
[AES_BLOCK_SIZE
];
2274 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2275 unsigned char mac2
[AES_BLOCK_SIZE
];
2278 if (nullprov
!= NULL
)
2279 return TEST_skip("Test does not support a non-default library context");
2282 * This is a legacy method for CMACs, but should still work.
2283 * This verifies that it works without an ENGINE.
2285 kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
2287 /* Test a CMAC key created using the "generated" method */
2288 if (!TEST_int_gt(EVP_PKEY_keygen_init(kctx
), 0)
2289 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2290 EVP_PKEY_CTRL_CIPHER
,
2291 0, (void *)EVP_aes_256_ecb()), 0)
2292 || !TEST_int_gt(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
2293 EVP_PKEY_CTRL_SET_MAC_KEY
,
2294 sizeof(key
), (void *)key
), 0)
2295 || !TEST_int_gt(EVP_PKEY_keygen(kctx
, &pkey
), 0)
2297 || !TEST_true(get_cmac_val(pkey
, mac
)))
2300 # if !defined(OPENSSL_NO_DEPRECATED_3_0)
2301 EVP_PKEY_free(pkey
);
2304 * Test a CMAC key using the direct method, and compare with the mac
2307 pkey
= EVP_PKEY_new_CMAC_key(NULL
, key
, sizeof(key
), EVP_aes_256_ecb());
2309 || !TEST_true(get_cmac_val(pkey
, mac2
))
2310 || !TEST_mem_eq(mac
, sizeof(mac
), mac2
, sizeof(mac2
)))
2317 EVP_PKEY_free(pkey
);
2318 EVP_PKEY_CTX_free(kctx
);
2323 static int test_HKDF(void)
2326 unsigned char out
[20];
2329 unsigned char salt
[] = "0123456789";
2330 unsigned char key
[] = "012345678901234567890123456789";
2331 unsigned char info
[] = "infostring";
2332 const unsigned char expected
[] = {
2333 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
2334 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
2336 size_t expectedlen
= sizeof(expected
);
2338 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2341 /* We do this twice to test reuse of the EVP_PKEY_CTX */
2342 for (i
= 0; i
< 2; i
++) {
2343 outlen
= sizeof(out
);
2344 memset(out
, 0, outlen
);
2346 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2347 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2348 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2349 sizeof(salt
) - 1), 0)
2350 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2351 sizeof(key
) - 1), 0)
2352 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2353 sizeof(info
) - 1), 0)
2354 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2355 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2362 EVP_PKEY_CTX_free(pctx
);
2367 static int test_emptyikm_HKDF(void)
2370 unsigned char out
[20];
2373 unsigned char salt
[] = "9876543210";
2374 unsigned char key
[] = "";
2375 unsigned char info
[] = "stringinfo";
2376 const unsigned char expected
[] = {
2377 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
2378 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
2380 size_t expectedlen
= sizeof(expected
);
2382 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "HKDF", testpropq
)))
2385 outlen
= sizeof(out
);
2386 memset(out
, 0, outlen
);
2388 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
2389 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
2390 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
2391 sizeof(salt
) - 1), 0)
2392 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
2393 sizeof(key
) - 1), 0)
2394 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
2395 sizeof(info
) - 1), 0)
2396 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
2397 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
2403 EVP_PKEY_CTX_free(pctx
);
2408 #ifndef OPENSSL_NO_EC
2409 static int test_X509_PUBKEY_inplace(void)
2412 X509_PUBKEY
*xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2413 const unsigned char *p
= kExampleECPubKeyDER
;
2414 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2418 if (!TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2421 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
2424 p
= kExampleBadECPubKeyDER
;
2425 input_len
= sizeof(kExampleBadECPubKeyDER
);
2427 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
2430 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
2436 X509_PUBKEY_free(xp
);
2440 static int test_X509_PUBKEY_dup(void)
2443 X509_PUBKEY
*xp
= NULL
, *xq
= NULL
;
2444 const unsigned char *p
= kExampleECPubKeyDER
;
2445 size_t input_len
= sizeof(kExampleECPubKeyDER
);
2447 xp
= X509_PUBKEY_new_ex(testctx
, testpropq
);
2449 || !TEST_ptr(d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2450 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
))
2451 || !TEST_ptr_ne(xp
, xq
))
2454 if (!TEST_ptr(X509_PUBKEY_get0(xq
))
2455 || !TEST_ptr(X509_PUBKEY_get0(xp
))
2456 || !TEST_ptr_ne(X509_PUBKEY_get0(xq
), X509_PUBKEY_get0(xp
)))
2459 X509_PUBKEY_free(xq
);
2461 p
= kExampleBadECPubKeyDER
;
2462 input_len
= sizeof(kExampleBadECPubKeyDER
);
2464 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
))
2465 || !TEST_ptr(xq
= X509_PUBKEY_dup(xp
)))
2468 X509_PUBKEY_free(xp
);
2470 if (!TEST_true(X509_PUBKEY_get0(xq
) == NULL
))
2476 X509_PUBKEY_free(xp
);
2477 X509_PUBKEY_free(xq
);
2480 #endif /* OPENSSL_NO_EC */
2482 /* Test getting and setting parameters on an EVP_PKEY_CTX */
2483 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
2485 EVP_MD_CTX
*mdctx
= NULL
;
2486 EVP_PKEY_CTX
*ctx
= NULL
;
2487 const OSSL_PARAM
*params
;
2488 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
2491 char mdname
[OSSL_MAX_NAME_SIZE
];
2494 /* Initialise a sign operation */
2495 ctx
= EVP_PKEY_CTX_new_from_pkey(testctx
, pkey
, testpropq
);
2497 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
2501 * We should be able to query the parameters now.
2503 params
= EVP_PKEY_CTX_settable_params(ctx
);
2504 if (!TEST_ptr(params
)
2505 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2506 OSSL_SIGNATURE_PARAM_DIGEST
)))
2509 params
= EVP_PKEY_CTX_gettable_params(ctx
);
2510 if (!TEST_ptr(params
)
2511 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2512 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
2513 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
2514 OSSL_SIGNATURE_PARAM_DIGEST
)))
2518 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
2519 * EVP_PKEY_CTX_get_params()
2521 strcpy(mdname
, "SHA512");
2523 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2525 *param
++ = OSSL_PARAM_construct_end();
2527 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
2531 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
2532 mdname
, sizeof(mdname
));
2533 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
2534 || !TEST_str_eq(mdname
, "SHA512"))
2538 * Test the TEST_PKEY_CTX_set_signature_md() and
2539 * TEST_PKEY_CTX_get_signature_md() functions
2541 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
2542 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
2543 || !TEST_ptr_eq(md
, EVP_sha256()))
2547 * Test getting MD parameters via an associated EVP_PKEY_CTX
2549 mdctx
= EVP_MD_CTX_new();
2550 if (!TEST_ptr(mdctx
)
2551 || !TEST_true(EVP_DigestSignInit_ex(mdctx
, NULL
, "SHA1", testctx
, testpropq
,
2556 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
2557 * able to obtain the digest's settable parameters from the provider.
2559 params
= EVP_MD_CTX_settable_params(mdctx
);
2560 if (!TEST_ptr(params
)
2561 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
2562 /* The final key should be NULL */
2563 || !TEST_ptr_null(params
[1].key
))
2567 memset(ssl3ms
, 0, sizeof(ssl3ms
));
2568 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
2569 ssl3ms
, sizeof(ssl3ms
));
2570 *param
++ = OSSL_PARAM_construct_end();
2572 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
2578 EVP_MD_CTX_free(mdctx
);
2579 EVP_PKEY_CTX_free(ctx
);
2584 #ifndef OPENSSL_NO_DSA
2585 static int test_DSA_get_set_params(void)
2587 OSSL_PARAM_BLD
*bld
= NULL
;
2588 OSSL_PARAM
*params
= NULL
;
2589 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
2590 EVP_PKEY_CTX
*pctx
= NULL
;
2591 EVP_PKEY
*pkey
= NULL
;
2595 * Setup the parameters for our DSA object. For our purposes they don't
2596 * have to actually be *valid* parameters. We just need to set something.
2598 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "DSA", NULL
))
2599 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2600 || !TEST_ptr(p
= BN_new())
2601 || !TEST_ptr(q
= BN_new())
2602 || !TEST_ptr(g
= BN_new())
2603 || !TEST_ptr(pub
= BN_new())
2604 || !TEST_ptr(priv
= BN_new()))
2606 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_P
, p
))
2607 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_Q
, q
))
2608 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_FFC_G
, g
))
2609 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PUB_KEY
,
2611 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_PRIV_KEY
,
2614 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2617 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2618 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2622 if (!TEST_ptr(pkey
))
2625 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2628 EVP_PKEY_free(pkey
);
2629 EVP_PKEY_CTX_free(pctx
);
2630 OSSL_PARAM_free(params
);
2631 OSSL_PARAM_BLD_free(bld
);
2642 * Test combinations of private, public, missing and private + public key
2643 * params to ensure they are all accepted
2645 static int test_DSA_priv_pub(void)
2647 return test_EVP_PKEY_ffc_priv_pub("DSA");
2650 #endif /* !OPENSSL_NO_DSA */
2652 static int test_RSA_get_set_params(void)
2654 OSSL_PARAM_BLD
*bld
= NULL
;
2655 OSSL_PARAM
*params
= NULL
;
2656 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
2657 EVP_PKEY_CTX
*pctx
= NULL
;
2658 EVP_PKEY
*pkey
= NULL
;
2662 * Setup the parameters for our RSA object. For our purposes they don't
2663 * have to actually be *valid* parameters. We just need to set something.
2665 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", NULL
))
2666 || !TEST_ptr(bld
= OSSL_PARAM_BLD_new())
2667 || !TEST_ptr(n
= BN_new())
2668 || !TEST_ptr(e
= BN_new())
2669 || !TEST_ptr(d
= BN_new()))
2671 if (!TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_N
, n
))
2672 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_E
, e
))
2673 || !TEST_true(OSSL_PARAM_BLD_push_BN(bld
, OSSL_PKEY_PARAM_RSA_D
, d
)))
2675 if (!TEST_ptr(params
= OSSL_PARAM_BLD_to_param(bld
)))
2678 if (!TEST_int_gt(EVP_PKEY_fromdata_init(pctx
), 0)
2679 || !TEST_int_gt(EVP_PKEY_fromdata(pctx
, &pkey
, EVP_PKEY_KEYPAIR
,
2683 if (!TEST_ptr(pkey
))
2686 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
2689 EVP_PKEY_free(pkey
);
2690 EVP_PKEY_CTX_free(pctx
);
2691 OSSL_PARAM_free(params
);
2692 OSSL_PARAM_BLD_free(bld
);
2700 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
2701 static int test_decrypt_null_chunks(void)
2703 EVP_CIPHER_CTX
* ctx
= NULL
;
2704 EVP_CIPHER
*cipher
= NULL
;
2705 const unsigned char key
[32] = {
2706 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
2707 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
2708 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
2710 unsigned char iv
[12] = {
2711 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
2713 unsigned char msg
[] = "It was the best of times, it was the worst of times";
2714 unsigned char ciphertext
[80];
2715 unsigned char plaintext
[80];
2716 /* We initialise tmp to a non zero value on purpose */
2717 int ctlen
, ptlen
, tmp
= 99;
2719 const int enc_offset
= 10, dec_offset
= 20;
2721 if (!TEST_ptr(cipher
= EVP_CIPHER_fetch(testctx
, "ChaCha20-Poly1305", testpropq
))
2722 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
2723 || !TEST_true(EVP_EncryptInit_ex(ctx
, cipher
, NULL
,
2725 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
2727 /* Deliberate add a zero length update */
2728 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
2730 || !TEST_int_eq(tmp
, 0)
2731 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
2733 sizeof(msg
) - enc_offset
))
2734 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
2735 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
2736 || !TEST_int_eq(tmp
, 0))
2739 /* Deliberately initialise tmp to a non zero value */
2741 if (!TEST_true(EVP_DecryptInit_ex(ctx
, cipher
, NULL
, key
, iv
))
2742 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
2745 * Deliberately add a zero length update. We also deliberately do
2746 * this at a different offset than for encryption.
2748 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
2750 || !TEST_int_eq(tmp
, 0)
2751 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
2752 ciphertext
+ dec_offset
,
2753 ctlen
- dec_offset
))
2754 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
2755 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
2756 || !TEST_int_eq(tmp
, 0)
2757 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
2762 EVP_CIPHER_CTX_free(ctx
);
2763 EVP_CIPHER_free(cipher
);
2766 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
2768 #ifndef OPENSSL_NO_DH
2770 * Test combinations of private, public, missing and private + public key
2771 * params to ensure they are all accepted
2773 static int test_DH_priv_pub(void)
2775 return test_EVP_PKEY_ffc_priv_pub("DH");
2778 # ifndef OPENSSL_NO_DEPRECATED_3_0
2779 static int test_EVP_PKEY_set1_DH(void)
2781 DH
*x942dh
= NULL
, *noqdh
= NULL
;
2782 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
2784 BIGNUM
*p
, *g
= NULL
;
2785 BIGNUM
*pubkey
= NULL
;
2786 unsigned char pub
[2048 / 8];
2789 if (!TEST_ptr(p
= BN_new())
2790 || !TEST_ptr(g
= BN_new())
2791 || !TEST_ptr(pubkey
= BN_new())
2792 || !TEST_true(BN_set_word(p
, 9999))
2793 || !TEST_true(BN_set_word(g
, 2))
2794 || !TEST_true(BN_set_word(pubkey
, 4321))
2795 || !TEST_ptr(noqdh
= DH_new())
2796 || !TEST_true(DH_set0_pqg(noqdh
, p
, NULL
, g
))
2797 || !TEST_true(DH_set0_key(noqdh
, pubkey
, NULL
))
2798 || !TEST_ptr(pubkey
= BN_new())
2799 || !TEST_true(BN_set_word(pubkey
, 4321)))
2803 x942dh
= DH_get_2048_256();
2804 pkey1
= EVP_PKEY_new();
2805 pkey2
= EVP_PKEY_new();
2806 if (!TEST_ptr(x942dh
)
2810 || !TEST_true(DH_set0_key(x942dh
, pubkey
, NULL
)))
2814 if (!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
2815 || !TEST_int_eq(EVP_PKEY_get_id(pkey1
), EVP_PKEY_DHX
))
2818 if (!TEST_true(EVP_PKEY_get_bn_param(pkey1
, OSSL_PKEY_PARAM_PUB_KEY
,
2820 || !TEST_ptr(pubkey
))
2823 if (!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
2824 || !TEST_int_eq(EVP_PKEY_get_id(pkey2
), EVP_PKEY_DH
))
2827 if (!TEST_true(EVP_PKEY_get_octet_string_param(pkey2
,
2828 OSSL_PKEY_PARAM_PUB_KEY
,
2829 pub
, sizeof(pub
), &len
))
2830 || !TEST_size_t_ne(len
, 0))
2838 EVP_PKEY_free(pkey1
);
2839 EVP_PKEY_free(pkey2
);
2845 # endif /* !OPENSSL_NO_DEPRECATED_3_0 */
2846 #endif /* !OPENSSL_NO_DH */
2849 * We test what happens with an empty template. For the sake of this test,
2850 * the template must be ignored, and we know that's the case for RSA keys
2851 * (this might arguably be a misfeature, but that's what we currently do,
2852 * even in provider code, since that's how the legacy RSA implementation
2855 static int test_keygen_with_empty_template(int n
)
2857 EVP_PKEY_CTX
*ctx
= NULL
;
2858 EVP_PKEY
*pkey
= NULL
;
2859 EVP_PKEY
*tkey
= NULL
;
2862 if (nullprov
!= NULL
)
2863 return TEST_skip("Test does not support a non-default library context");
2867 /* We do test with no template at all as well */
2868 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
2872 /* Here we create an empty RSA key that serves as our template */
2873 if (!TEST_ptr(tkey
= EVP_PKEY_new())
2874 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
2875 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
2880 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
2881 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
2886 EVP_PKEY_CTX_free(ctx
);
2887 EVP_PKEY_free(pkey
);
2888 EVP_PKEY_free(tkey
);
2893 * Test that we fail if we attempt to use an algorithm that is not available
2894 * in the current library context (unless we are using an algorithm that
2895 * should be made available via legacy codepaths).
2900 static int test_pkey_ctx_fail_without_provider(int tst
)
2902 OSSL_LIB_CTX
*tmpctx
= OSSL_LIB_CTX_new();
2903 OSSL_PROVIDER
*tmpnullprov
= NULL
;
2904 EVP_PKEY_CTX
*pctx
= NULL
;
2905 const char *keytype
= NULL
;
2906 int expect_null
= 0;
2909 if (!TEST_ptr(tmpctx
))
2912 tmpnullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
2913 if (!TEST_ptr(tmpnullprov
))
2917 * We check for certain algos in the null provider.
2918 * If an algo is expected to have a provider keymgmt, contructing an
2919 * EVP_PKEY_CTX is expected to fail (return NULL).
2920 * Otherwise, if it's expected to have legacy support, contructing an
2921 * EVP_PKEY_CTX is expected to succeed (return non-NULL).
2931 #ifdef OPENSSL_NO_EC
2932 TEST_info("EC disable, skipping SM2 check...");
2935 #ifdef OPENSSL_NO_SM2
2936 TEST_info("SM2 disable, skipping SM2 check...");
2941 TEST_error("No test for case %d", tst
);
2945 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, keytype
, "");
2946 if (expect_null
? !TEST_ptr_null(pctx
) : !TEST_ptr(pctx
))
2949 #if defined(OPENSSL_NO_EC) || defined(OPENSSL_NO_SM2)
2955 EVP_PKEY_CTX_free(pctx
);
2956 OSSL_PROVIDER_unload(tmpnullprov
);
2957 OSSL_LIB_CTX_free(tmpctx
);
2961 static int test_rand_agglomeration(void)
2965 OSSL_PARAM params
[3], *p
= params
;
2967 unsigned int step
= 7;
2968 static unsigned char seed
[] = "It does not matter how slowly you go "
2969 "as long as you do not stop.";
2970 unsigned char out
[sizeof(seed
)];
2972 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
2973 || !TEST_ptr(rand
= EVP_RAND_fetch(testctx
, "TEST-RAND", testpropq
)))
2975 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
2976 EVP_RAND_free(rand
);
2980 memset(out
, 0, sizeof(out
));
2981 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
2982 seed
, sizeof(seed
));
2983 *p
++ = OSSL_PARAM_construct_uint(OSSL_RAND_PARAM_MAX_REQUEST
, &step
);
2984 *p
= OSSL_PARAM_construct_end();
2985 res
= TEST_true(EVP_RAND_CTX_set_params(ctx
, params
))
2986 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
2987 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
2988 EVP_RAND_CTX_free(ctx
);
2993 * Test that we correctly return the original or "running" IV after
2994 * an encryption operation.
2995 * Run multiple times for some different relevant algorithms/modes.
2997 static int test_evp_iv_aes(int idx
)
3000 EVP_CIPHER_CTX
*ctx
= NULL
;
3001 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
3002 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
3003 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
3004 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
3005 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
3006 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3007 9, 10, 11, 12, 13, 14, 15, 16 };
3008 unsigned char ciphertext
[32], oiv
[16], iv
[16];
3009 unsigned char *ref_iv
;
3010 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
3011 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
3013 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
3014 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
3015 unsigned char cfb_state
[16] = {0x77, 0xe4, 0x65, 0x65, 0xd5, 0x8c, 0xe3, 0x6c,
3016 0xd4, 0x6c, 0xb4, 0x0c, 0xfd, 0xed, 0x60, 0xed};
3017 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3018 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3019 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
3020 #ifndef OPENSSL_NO_OCB
3021 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
3022 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
3024 int len
= sizeof(ciphertext
);
3025 size_t ivlen
, ref_len
;
3026 const EVP_CIPHER
*type
= NULL
;
3029 if (nullprov
!= NULL
&& idx
< 6)
3030 return TEST_skip("Test does not support a non-default library context");
3034 type
= EVP_aes_128_cbc();
3037 type
= (type
!= NULL
) ? type
:
3038 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", testpropq
);
3040 ref_len
= sizeof(cbc_state
);
3044 type
= EVP_aes_128_ofb();
3047 type
= (type
!= NULL
) ? type
:
3048 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", testpropq
);
3050 ref_len
= sizeof(ofb_state
);
3054 type
= EVP_aes_128_cfb();
3057 type
= (type
!= NULL
) ? type
:
3058 EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
);
3060 ref_len
= sizeof(cfb_state
);
3064 type
= EVP_aes_128_gcm();
3067 type
= (type
!= NULL
) ? type
:
3068 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", testpropq
);
3070 ref_len
= sizeof(gcm_state
);
3073 type
= EVP_aes_128_ccm();
3076 type
= (type
!= NULL
) ? type
:
3077 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", testpropq
);
3079 ref_len
= sizeof(ccm_state
);
3081 #ifdef OPENSSL_NO_OCB
3087 type
= EVP_aes_128_ocb();
3090 type
= (type
!= NULL
) ? type
:
3091 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", testpropq
);
3093 ref_len
= sizeof(ocb_state
);
3101 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3102 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3103 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3105 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3106 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3107 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3109 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3110 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3111 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3114 /* CBC, OFB, and CFB modes: the updated iv must be reset after reinit */
3115 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3116 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3119 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3122 if (!TEST_mem_eq(ref_iv
, ivlen
, iv
, ivlen
))
3128 EVP_CIPHER_CTX_free(ctx
);
3130 EVP_CIPHER_free((EVP_CIPHER
*)type
);
3134 #ifndef OPENSSL_NO_DES
3135 static int test_evp_iv_des(int idx
)
3138 EVP_CIPHER_CTX
*ctx
= NULL
;
3139 static const unsigned char key
[24] = {
3140 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
3141 0xf1, 0xe0, 0xd3, 0xc2, 0xb5, 0xa4, 0x97, 0x86,
3142 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3144 static const unsigned char init_iv
[8] = {
3145 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10
3147 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
3148 9, 10, 11, 12, 13, 14, 15, 16 };
3149 unsigned char ciphertext
[32], oiv
[8], iv
[8];
3150 unsigned const char *ref_iv
;
3151 static const unsigned char cbc_state_des
[8] = {
3152 0x4f, 0xa3, 0x85, 0xcd, 0x8b, 0xf3, 0x06, 0x2a
3154 static const unsigned char cbc_state_3des
[8] = {
3155 0x35, 0x27, 0x7d, 0x65, 0x6c, 0xfb, 0x50, 0xd9
3157 static const unsigned char ofb_state_des
[8] = {
3158 0xa7, 0x0d, 0x1d, 0x45, 0xf9, 0x96, 0x3f, 0x2c
3160 static const unsigned char ofb_state_3des
[8] = {
3161 0xab, 0x16, 0x24, 0xbb, 0x5b, 0xac, 0xed, 0x5e
3163 static const unsigned char cfb_state_des
[8] = {
3164 0x91, 0xeb, 0x6d, 0x29, 0x4b, 0x08, 0xbd, 0x73
3166 static const unsigned char cfb_state_3des
[8] = {
3167 0x34, 0xdd, 0xfb, 0x47, 0x33, 0x1c, 0x61, 0xf7
3169 int len
= sizeof(ciphertext
);
3170 size_t ivlen
, ref_len
;
3171 EVP_CIPHER
*type
= NULL
;
3173 if (lgcyprov
== NULL
&& idx
< 3)
3174 return TEST_skip("Test requires legacy provider to be loaded");
3178 type
= EVP_CIPHER_fetch(testctx
, "des-cbc", testpropq
);
3179 ref_iv
= cbc_state_des
;
3180 ref_len
= sizeof(cbc_state_des
);
3183 type
= EVP_CIPHER_fetch(testctx
, "des-ofb", testpropq
);
3184 ref_iv
= ofb_state_des
;
3185 ref_len
= sizeof(ofb_state_des
);
3188 type
= EVP_CIPHER_fetch(testctx
, "des-cfb", testpropq
);
3189 ref_iv
= cfb_state_des
;
3190 ref_len
= sizeof(cfb_state_des
);
3193 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cbc", testpropq
);
3194 ref_iv
= cbc_state_3des
;
3195 ref_len
= sizeof(cbc_state_3des
);
3198 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-ofb", testpropq
);
3199 ref_iv
= ofb_state_3des
;
3200 ref_len
= sizeof(ofb_state_3des
);
3203 type
= EVP_CIPHER_fetch(testctx
, "des-ede3-cfb", testpropq
);
3204 ref_iv
= cfb_state_3des
;
3205 ref_len
= sizeof(cfb_state_3des
);
3212 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
3213 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
3214 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
3216 || !TEST_true(EVP_CIPHER_CTX_get_original_iv(ctx
, oiv
, sizeof(oiv
)))
3217 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
)))
3218 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
3220 ivlen
= EVP_CIPHER_CTX_get_iv_length(ctx
);
3221 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
3222 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
3225 if (!TEST_true(EVP_EncryptInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
))
3226 || !TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, iv
, sizeof(iv
))))
3228 if (!TEST_mem_eq(init_iv
, ivlen
, iv
, ivlen
))
3233 EVP_CIPHER_CTX_free(ctx
);
3234 EVP_CIPHER_free(type
);
3239 #ifndef OPENSSL_NO_EC
3240 static int ecpub_nids
[] = {
3241 NID_brainpoolP256r1
, NID_X9_62_prime256v1
,
3242 NID_secp384r1
, NID_secp521r1
,
3243 # ifndef OPENSSL_NO_EC2M
3244 NID_sect233k1
, NID_sect233r1
, NID_sect283r1
,
3245 NID_sect409k1
, NID_sect409r1
, NID_sect571k1
, NID_sect571r1
,
3247 NID_brainpoolP384r1
, NID_brainpoolP512r1
3250 static int test_ecpub(int idx
)
3252 int ret
= 0, len
, savelen
;
3254 unsigned char buf
[1024];
3256 EVP_PKEY
*pkey
= NULL
;
3257 EVP_PKEY_CTX
*ctx
= NULL
;
3258 # ifndef OPENSSL_NO_DEPRECATED_3_0
3259 const unsigned char *q
;
3260 EVP_PKEY
*pkey2
= NULL
;
3264 if (nullprov
!= NULL
)
3265 return TEST_skip("Test does not support a non-default library context");
3267 nid
= ecpub_nids
[idx
];
3269 ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
3271 || !TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3272 || !TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx
, nid
))
3273 || !TEST_true(EVP_PKEY_keygen(ctx
, &pkey
)))
3275 len
= i2d_PublicKey(pkey
, NULL
);
3277 if (!TEST_int_ge(len
, 1)
3278 || !TEST_int_lt(len
, 1024))
3281 len
= i2d_PublicKey(pkey
, &p
);
3282 if (!TEST_int_ge(len
, 1)
3283 || !TEST_int_eq(len
, savelen
))
3286 # ifndef OPENSSL_NO_DEPRECATED_3_0
3287 /* Now try to decode the just-created DER. */
3289 if (!TEST_ptr((pkey2
= EVP_PKEY_new()))
3290 || !TEST_ptr((ec
= EC_KEY_new_by_curve_name(nid
)))
3291 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey2
, ec
)))
3293 /* EC_KEY ownership transferred */
3295 if (!TEST_ptr(d2i_PublicKey(EVP_PKEY_EC
, &pkey2
, &q
, savelen
)))
3297 /* The keys should match. */
3298 if (!TEST_int_eq(EVP_PKEY_eq(pkey
, pkey2
), 1))
3305 EVP_PKEY_CTX_free(ctx
);
3306 EVP_PKEY_free(pkey
);
3307 # ifndef OPENSSL_NO_DEPRECATED_3_0
3308 EVP_PKEY_free(pkey2
);
3315 static int test_EVP_rsa_pss_with_keygen_bits(void)
3318 EVP_PKEY_CTX
*ctx
= NULL
;
3319 EVP_PKEY
*pkey
= NULL
;
3322 md
= EVP_MD_fetch(testctx
, "sha256", testpropq
);
3324 && TEST_ptr((ctx
= EVP_PKEY_CTX_new_from_name(testctx
, "RSA", testpropq
)))
3325 && TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
3326 && TEST_int_gt(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx
, 512), 0)
3327 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_keygen_md(ctx
, md
))
3328 && TEST_true(EVP_PKEY_keygen(ctx
, &pkey
));
3331 EVP_PKEY_free(pkey
);
3332 EVP_PKEY_CTX_free(ctx
);
3336 static int test_EVP_rsa_pss_set_saltlen(void)
3339 EVP_PKEY
*pkey
= NULL
;
3340 EVP_PKEY_CTX
*pkey_ctx
= NULL
;
3341 EVP_MD
*sha256
= NULL
;
3342 EVP_MD_CTX
*sha256_ctx
= NULL
;
3343 int saltlen
= 9999; /* buggy EVP_PKEY_CTX_get_rsa_pss_saltlen() didn't update this */
3344 const int test_value
= 32;
3346 ret
= TEST_ptr(pkey
= load_example_rsa_key())
3347 && TEST_ptr(sha256
= EVP_MD_fetch(testctx
, "sha256", NULL
))
3348 && TEST_ptr(sha256_ctx
= EVP_MD_CTX_new())
3349 && TEST_true(EVP_DigestSignInit(sha256_ctx
, &pkey_ctx
, sha256
, NULL
, pkey
))
3350 && TEST_true(EVP_PKEY_CTX_set_rsa_padding(pkey_ctx
, RSA_PKCS1_PSS_PADDING
))
3351 && TEST_true(EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx
, test_value
))
3352 && TEST_true(EVP_PKEY_CTX_get_rsa_pss_saltlen(pkey_ctx
, &saltlen
))
3353 && TEST_int_eq(saltlen
, test_value
);
3355 EVP_MD_CTX_free(sha256_ctx
);
3356 EVP_PKEY_free(pkey
);
3357 EVP_MD_free(sha256
);
3362 static int success
= 1;
3363 static void md_names(const char *name
, void *vctx
)
3365 OSSL_LIB_CTX
*ctx
= (OSSL_LIB_CTX
*)vctx
;
3366 /* Force a namemap update */
3367 EVP_CIPHER
*aes128
= EVP_CIPHER_fetch(ctx
, "AES-128-CBC", NULL
);
3369 if (!TEST_ptr(aes128
))
3372 EVP_CIPHER_free(aes128
);
3376 * Test that changing the namemap in a user callback works in a names_do_all
3379 static int test_names_do_all(void)
3381 /* We use a custom libctx so that we know the state of the namemap */
3382 OSSL_LIB_CTX
*ctx
= OSSL_LIB_CTX_new();
3383 EVP_MD
*sha256
= NULL
;
3389 sha256
= EVP_MD_fetch(ctx
, "SHA2-256", NULL
);
3390 if (!TEST_ptr(sha256
))
3394 * We loop through all the names for a given digest. This should still work
3395 * even if the namemap changes part way through.
3397 if (!TEST_true(EVP_MD_names_do_all(sha256
, md_names
, ctx
)))
3400 if (!TEST_true(success
))
3405 EVP_MD_free(sha256
);
3406 OSSL_LIB_CTX_free(ctx
);
3412 const unsigned char *key
;
3413 const unsigned char *iv
;
3414 const unsigned char *input
;
3415 const unsigned char *expected
;
3416 const unsigned char *tag
;
3417 size_t ivlen
; /* 0 if we do not need to set a specific IV len */
3426 static const EVP_INIT_TEST_st evp_init_tests
[] = {
3428 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3429 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3433 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3434 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3435 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3436 sizeof(gcmDefaultTag
), 1, 0, 1
3439 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbPlaintext
,
3440 cfbCiphertext
, NULL
, 0, sizeof(cfbPlaintext
), sizeof(cfbCiphertext
),
3444 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultPlaintext
,
3445 gcmDefaultCiphertext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3446 sizeof(gcmDefaultPlaintext
), sizeof(gcmDefaultCiphertext
),
3447 sizeof(gcmDefaultTag
), 0, 0, 1
3450 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3451 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3455 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3456 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3457 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3458 sizeof(gcmDefaultTag
), 1, 1, 0
3461 "aes-128-cfb", kCFBDefaultKey
, iCFBIV
, cfbCiphertext
,
3462 cfbPlaintext
, NULL
, 0, sizeof(cfbCiphertext
), sizeof(cfbPlaintext
),
3466 "aes-256-gcm", kGCMDefaultKey
, iGCMDefaultIV
, gcmDefaultCiphertext
,
3467 gcmDefaultPlaintext
, gcmDefaultTag
, sizeof(iGCMDefaultIV
),
3468 sizeof(gcmDefaultCiphertext
), sizeof(gcmDefaultPlaintext
),
3469 sizeof(gcmDefaultTag
), 0, 1, 0
3473 static int evp_init_seq_set_iv(EVP_CIPHER_CTX
*ctx
, const EVP_INIT_TEST_st
*t
)
3477 if (t
->ivlen
!= 0) {
3478 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen
, NULL
)))
3481 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv
, -1)))
3489 * Test step-wise cipher initialization via EVP_CipherInit_ex where the
3490 * arguments are given one at a time and a final adjustment to the enc
3491 * parameter sets the correct operation.
3493 static int test_evp_init_seq(int idx
)
3495 int outlen1
, outlen2
;
3497 unsigned char outbuf
[1024];
3498 unsigned char tag
[16];
3499 const EVP_INIT_TEST_st
*t
= &evp_init_tests
[idx
];
3500 EVP_CIPHER_CTX
*ctx
= NULL
;
3501 EVP_CIPHER
*type
= NULL
;
3502 size_t taglen
= sizeof(tag
);
3503 char *errmsg
= NULL
;
3505 ctx
= EVP_CIPHER_CTX_new();
3507 errmsg
= "CTX_ALLOC";
3510 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
))) {
3511 errmsg
= "CIPHER_FETCH";
3514 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, t
->initenc
))) {
3515 errmsg
= "EMPTY_ENC_INIT";
3518 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3522 if (t
->keyfirst
&& !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3523 errmsg
= "KEY_INIT (before iv)";
3526 if (!evp_init_seq_set_iv(ctx
, t
)) {
3530 if (t
->keyfirst
== 0 && !TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, t
->key
, NULL
, -1))) {
3531 errmsg
= "KEY_INIT (after iv)";
3534 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, t
->finalenc
))) {
3535 errmsg
= "FINAL_ENC_INIT";
3538 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3539 errmsg
= "CIPHER_UPDATE";
3542 if (t
->finalenc
== 0 && t
->tag
!= NULL
) {
3543 /* Set expected tag */
3544 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_SET_TAG
,
3545 t
->taglen
, (void *)t
->tag
))) {
3550 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3551 errmsg
= "CIPHER_FINAL";
3554 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3555 errmsg
= "WRONG_RESULT";
3558 if (t
->finalenc
!= 0 && t
->tag
!= NULL
) {
3559 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3563 if (!TEST_mem_eq(t
->tag
, t
->taglen
, tag
, taglen
)) {
3564 errmsg
= "TAG_ERROR";
3571 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3572 EVP_CIPHER_CTX_free(ctx
);
3573 EVP_CIPHER_free(type
);
3578 const unsigned char *input
;
3579 const unsigned char *expected
;
3583 } EVP_RESET_TEST_st
;
3585 static const EVP_RESET_TEST_st evp_reset_tests
[] = {
3587 cfbPlaintext
, cfbCiphertext
,
3588 sizeof(cfbPlaintext
), sizeof(cfbCiphertext
), 1
3591 cfbCiphertext
, cfbPlaintext
,
3592 sizeof(cfbCiphertext
), sizeof(cfbPlaintext
), 0
3597 * Test a reset of a cipher via EVP_CipherInit_ex after the cipher has already
3600 static int test_evp_reset(int idx
)
3602 const EVP_RESET_TEST_st
*t
= &evp_reset_tests
[idx
];
3603 int outlen1
, outlen2
;
3605 unsigned char outbuf
[1024];
3606 EVP_CIPHER_CTX
*ctx
= NULL
;
3607 EVP_CIPHER
*type
= NULL
;
3608 char *errmsg
= NULL
;
3610 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3611 errmsg
= "CTX_ALLOC";
3614 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-128-cfb", testpropq
))) {
3615 errmsg
= "CIPHER_FETCH";
3618 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3619 errmsg
= "CIPHER_INIT";
3622 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3626 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3627 errmsg
= "CIPHER_UPDATE";
3630 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3631 errmsg
= "CIPHER_FINAL";
3634 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3635 errmsg
= "WRONG_RESULT";
3638 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, NULL
, -1))) {
3639 errmsg
= "CIPHER_REINIT";
3642 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, t
->input
, t
->inlen
))) {
3643 errmsg
= "CIPHER_UPDATE (reinit)";
3646 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3647 errmsg
= "CIPHER_FINAL (reinit)";
3650 if (!TEST_mem_eq(t
->expected
, t
->expectedlen
, outbuf
, outlen1
+ outlen2
)) {
3651 errmsg
= "WRONG_RESULT (reinit)";
3657 TEST_info("test_evp_reset %d: %s", idx
, errmsg
);
3658 EVP_CIPHER_CTX_free(ctx
);
3659 EVP_CIPHER_free(type
);
3666 } EVP_UPDATED_IV_TEST_st
;
3668 static const EVP_UPDATED_IV_TEST_st evp_updated_iv_tests
[] = {
3708 * Test that the IV in the context is updated during a crypto operation for CFB
3711 static int test_evp_updated_iv(int idx
)
3713 const EVP_UPDATED_IV_TEST_st
*t
= &evp_updated_iv_tests
[idx
];
3714 int outlen1
, outlen2
;
3716 unsigned char outbuf
[1024];
3717 EVP_CIPHER_CTX
*ctx
= NULL
;
3718 EVP_CIPHER
*type
= NULL
;
3719 unsigned char updated_iv
[EVP_MAX_IV_LENGTH
];
3721 char *errmsg
= NULL
;
3723 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3724 errmsg
= "CTX_ALLOC";
3727 if ((type
= EVP_CIPHER_fetch(testctx
, t
->cipher
, testpropq
)) == NULL
) {
3728 TEST_info("cipher %s not supported, skipping", t
->cipher
);
3732 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, kCFBDefaultKey
, iCFBIV
, t
->enc
))) {
3733 errmsg
= "CIPHER_INIT";
3736 if (!TEST_true(EVP_CIPHER_CTX_set_padding(ctx
, 0))) {
3740 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, cfbPlaintext
, sizeof(cfbPlaintext
)))) {
3741 errmsg
= "CIPHER_UPDATE";
3744 if (!TEST_true(EVP_CIPHER_CTX_get_updated_iv(ctx
, updated_iv
, sizeof(updated_iv
)))) {
3745 errmsg
= "CIPHER_CTX_GET_UPDATED_IV";
3748 if (!TEST_true(iv_len
= EVP_CIPHER_CTX_get_iv_length(ctx
))) {
3749 errmsg
= "CIPHER_CTX_GET_IV_LEN";
3752 if (!TEST_mem_ne(iCFBIV
, sizeof(iCFBIV
), updated_iv
, iv_len
)) {
3753 errmsg
= "IV_NOT_UPDATED";
3756 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3757 errmsg
= "CIPHER_FINAL";
3764 TEST_info("test_evp_updated_iv %d: %s", idx
, errmsg
);
3765 EVP_CIPHER_CTX_free(ctx
);
3766 EVP_CIPHER_free(type
);
3771 const unsigned char *iv1
;
3772 const unsigned char *iv2
;
3773 const unsigned char *expected1
;
3774 const unsigned char *expected2
;
3775 const unsigned char *tag1
;
3776 const unsigned char *tag2
;
3779 size_t expectedlen1
;
3780 size_t expectedlen2
;
3781 } TEST_GCM_IV_REINIT_st
;
3783 static const TEST_GCM_IV_REINIT_st gcm_reinit_tests
[] = {
3785 iGCMResetIV1
, iGCMResetIV2
, gcmResetCiphertext1
, gcmResetCiphertext2
,
3786 gcmResetTag1
, gcmResetTag2
, sizeof(iGCMResetIV1
), sizeof(iGCMResetIV2
),
3787 sizeof(gcmResetCiphertext1
), sizeof(gcmResetCiphertext2
)
3790 iGCMResetIV2
, iGCMResetIV1
, gcmResetCiphertext2
, gcmResetCiphertext1
,
3791 gcmResetTag2
, gcmResetTag1
, sizeof(iGCMResetIV2
), sizeof(iGCMResetIV1
),
3792 sizeof(gcmResetCiphertext2
), sizeof(gcmResetCiphertext1
)
3796 static int test_gcm_reinit(int idx
)
3798 int outlen1
, outlen2
, outlen3
;
3800 unsigned char outbuf
[1024];
3801 unsigned char tag
[16];
3802 const TEST_GCM_IV_REINIT_st
*t
= &gcm_reinit_tests
[idx
];
3803 EVP_CIPHER_CTX
*ctx
= NULL
;
3804 EVP_CIPHER
*type
= NULL
;
3805 size_t taglen
= sizeof(tag
);
3806 char *errmsg
= NULL
;
3808 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())) {
3809 errmsg
= "CTX_ALLOC";
3812 if (!TEST_ptr(type
= EVP_CIPHER_fetch(testctx
, "aes-256-gcm", testpropq
))) {
3813 errmsg
= "CIPHER_FETCH";
3816 if (!TEST_true(EVP_CipherInit_ex(ctx
, type
, NULL
, NULL
, NULL
, 1))) {
3817 errmsg
= "ENC_INIT";
3820 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen1
, NULL
))) {
3821 errmsg
= "SET_IVLEN1";
3824 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, kGCMResetKey
, t
->iv1
, 1))) {
3828 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3832 EVP_CIPHER_CTX_set_padding(ctx
, 0);
3833 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3834 sizeof(gcmResetPlaintext
)))) {
3835 errmsg
= "CIPHER_UPDATE1";
3838 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3839 errmsg
= "CIPHER_FINAL1";
3842 if (!TEST_mem_eq(t
->expected1
, t
->expectedlen1
, outbuf
, outlen1
+ outlen2
)) {
3843 errmsg
= "WRONG_RESULT1";
3846 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3847 errmsg
= "GET_TAG1";
3850 if (!TEST_mem_eq(t
->tag1
, taglen
, tag
, taglen
)) {
3851 errmsg
= "TAG_ERROR1";
3855 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_GCM_SET_IVLEN
, t
->ivlen2
, NULL
))) {
3856 errmsg
= "SET_IVLEN2";
3859 if (!TEST_true(EVP_CipherInit_ex(ctx
, NULL
, NULL
, NULL
, t
->iv2
, -1))) {
3863 if (!TEST_true(EVP_CipherUpdate(ctx
, NULL
, &outlen3
, gcmAAD
, sizeof(gcmAAD
)))) {
3867 if (!TEST_true(EVP_CipherUpdate(ctx
, outbuf
, &outlen1
, gcmResetPlaintext
,
3868 sizeof(gcmResetPlaintext
)))) {
3869 errmsg
= "CIPHER_UPDATE2";
3872 if (!TEST_true(EVP_CipherFinal_ex(ctx
, outbuf
+ outlen1
, &outlen2
))) {
3873 errmsg
= "CIPHER_FINAL2";
3876 if (!TEST_mem_eq(t
->expected2
, t
->expectedlen2
, outbuf
, outlen1
+ outlen2
)) {
3877 errmsg
= "WRONG_RESULT2";
3880 if (!TEST_true(EVP_CIPHER_CTX_ctrl(ctx
, EVP_CTRL_AEAD_GET_TAG
, taglen
, tag
))) {
3881 errmsg
= "GET_TAG2";
3884 if (!TEST_mem_eq(t
->tag2
, taglen
, tag
, taglen
)) {
3885 errmsg
= "TAG_ERROR2";
3891 TEST_info("evp_init_test %d: %s", idx
, errmsg
);
3892 EVP_CIPHER_CTX_free(ctx
);
3893 EVP_CIPHER_free(type
);
3897 #ifndef OPENSSL_NO_DEPRECATED_3_0
3898 static EVP_PKEY_METHOD
*custom_pmeth
= NULL
;
3899 static const EVP_PKEY_METHOD
*orig_pmeth
= NULL
;
3901 # define EVP_PKEY_CTRL_MY_COMMAND 9999
3903 static int custom_pmeth_init(EVP_PKEY_CTX
*ctx
)
3905 int (*pinit
)(EVP_PKEY_CTX
*ctx
);
3907 EVP_PKEY_meth_get_init(orig_pmeth
, &pinit
);
3911 static void custom_pmeth_cleanup(EVP_PKEY_CTX
*ctx
)
3913 void (*pcleanup
)(EVP_PKEY_CTX
*ctx
);
3915 EVP_PKEY_meth_get_cleanup(orig_pmeth
, &pcleanup
);
3919 static int custom_pmeth_sign(EVP_PKEY_CTX
*ctx
, unsigned char *out
,
3920 size_t *outlen
, const unsigned char *in
,
3923 int (*psign
)(EVP_PKEY_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3924 const unsigned char *tbs
, size_t tbslen
);
3926 EVP_PKEY_meth_get_sign(orig_pmeth
, NULL
, &psign
);
3927 return psign(ctx
, out
, outlen
, in
, inlen
);
3930 static int custom_pmeth_digestsign(EVP_MD_CTX
*ctx
, unsigned char *sig
,
3931 size_t *siglen
, const unsigned char *tbs
,
3934 int (*pdigestsign
)(EVP_MD_CTX
*ctx
, unsigned char *sig
, size_t *siglen
,
3935 const unsigned char *tbs
, size_t tbslen
);
3937 EVP_PKEY_meth_get_digestsign(orig_pmeth
, &pdigestsign
);
3938 return pdigestsign(ctx
, sig
, siglen
, tbs
, tbslen
);
3941 static int custom_pmeth_derive(EVP_PKEY_CTX
*ctx
, unsigned char *key
,
3944 int (*pderive
)(EVP_PKEY_CTX
*ctx
, unsigned char *key
, size_t *keylen
);
3946 EVP_PKEY_meth_get_derive(orig_pmeth
, NULL
, &pderive
);
3947 return pderive(ctx
, key
, keylen
);
3950 static int custom_pmeth_copy(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
)
3952 int (*pcopy
)(EVP_PKEY_CTX
*dst
, const EVP_PKEY_CTX
*src
);
3954 EVP_PKEY_meth_get_copy(orig_pmeth
, &pcopy
);
3955 return pcopy(dst
, src
);
3958 static int ctrl_called
;
3960 static int custom_pmeth_ctrl(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
)
3962 int (*pctrl
)(EVP_PKEY_CTX
*ctx
, int type
, int p1
, void *p2
);
3964 EVP_PKEY_meth_get_ctrl(orig_pmeth
, &pctrl
, NULL
);
3966 if (type
== EVP_PKEY_CTRL_MY_COMMAND
) {
3971 return pctrl(ctx
, type
, p1
, p2
);
3974 static int test_custom_pmeth(int idx
)
3976 EVP_PKEY_CTX
*pctx
= NULL
;
3977 EVP_MD_CTX
*ctx
= NULL
;
3978 EVP_PKEY
*pkey
= NULL
;
3979 int id
, orig_id
, orig_flags
;
3982 unsigned char *res
= NULL
;
3983 unsigned char msg
[] = { 'H', 'e', 'l', 'l', 'o' };
3984 const EVP_MD
*md
= EVP_sha256();
3989 /* We call deprecated APIs so this test doesn't support a custom libctx */
3990 if (testctx
!= NULL
)
3997 pkey
= load_example_rsa_key();
4001 # ifndef OPENSSL_NO_DSA
4003 pkey
= load_example_dsa_key();
4010 # ifndef OPENSSL_NO_EC
4012 pkey
= load_example_ec_key();
4019 # ifndef OPENSSL_NO_EC
4020 id
= EVP_PKEY_ED25519
;
4022 pkey
= load_example_ed25519_key();
4029 # ifndef OPENSSL_NO_DH
4032 pkey
= load_example_dh_key();
4039 # ifndef OPENSSL_NO_EC
4040 id
= EVP_PKEY_X25519
;
4042 pkey
= load_example_x25519_key();
4048 TEST_error("Should not happen");
4052 if (!TEST_ptr(pkey
))
4056 if (!TEST_true(evp_pkey_is_provided(pkey
)))
4059 EVP_PKEY
*tmp
= pkey
;
4061 /* Convert to a legacy key */
4062 pkey
= EVP_PKEY_new();
4063 if (!TEST_ptr(pkey
)) {
4067 if (!TEST_true(evp_pkey_copy_downgraded(&pkey
, tmp
))) {
4072 if (!TEST_true(evp_pkey_is_legacy(pkey
)))
4076 if (!TEST_ptr(orig_pmeth
= EVP_PKEY_meth_find(id
))
4080 EVP_PKEY_meth_get0_info(&orig_id
, &orig_flags
, orig_pmeth
);
4081 if (!TEST_int_eq(orig_id
, id
)
4082 || !TEST_ptr(custom_pmeth
= EVP_PKEY_meth_new(id
, orig_flags
)))
4085 if (id
== EVP_PKEY_ED25519
) {
4086 EVP_PKEY_meth_set_digestsign(custom_pmeth
, custom_pmeth_digestsign
);
4087 } if (id
== EVP_PKEY_DH
|| id
== EVP_PKEY_X25519
) {
4088 EVP_PKEY_meth_set_derive(custom_pmeth
, NULL
, custom_pmeth_derive
);
4090 EVP_PKEY_meth_set_sign(custom_pmeth
, NULL
, custom_pmeth_sign
);
4092 if (id
!= EVP_PKEY_ED25519
&& id
!= EVP_PKEY_X25519
) {
4093 EVP_PKEY_meth_set_init(custom_pmeth
, custom_pmeth_init
);
4094 EVP_PKEY_meth_set_cleanup(custom_pmeth
, custom_pmeth_cleanup
);
4095 EVP_PKEY_meth_set_copy(custom_pmeth
, custom_pmeth_copy
);
4097 EVP_PKEY_meth_set_ctrl(custom_pmeth
, custom_pmeth_ctrl
, NULL
);
4098 if (!TEST_true(EVP_PKEY_meth_add0(custom_pmeth
)))
4102 pctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
4104 || !TEST_int_eq(EVP_PKEY_derive_init(pctx
), 1)
4105 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4106 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4108 || !TEST_int_eq(ctrl_called
, 1)
4109 || !TEST_int_ge(EVP_PKEY_derive_set_peer(pctx
, pkey
), 1)
4110 || !TEST_int_ge(EVP_PKEY_derive(pctx
, NULL
, &reslen
), 1)
4111 || !TEST_ptr(res
= OPENSSL_malloc(reslen
))
4112 || !TEST_int_ge(EVP_PKEY_derive(pctx
, res
, &reslen
), 1))
4115 ctx
= EVP_MD_CTX_new();
4116 reslen
= EVP_PKEY_size(pkey
);
4117 res
= OPENSSL_malloc(reslen
);
4120 || !TEST_true(EVP_DigestSignInit(ctx
, &pctx
, md
, NULL
, pkey
))
4121 || !TEST_int_ge(EVP_PKEY_CTX_ctrl(pctx
, -1, -1,
4122 EVP_PKEY_CTRL_MY_COMMAND
, 0, NULL
),
4124 || !TEST_int_eq(ctrl_called
, 1))
4127 if (id
== EVP_PKEY_ED25519
) {
4128 if (!TEST_true(EVP_DigestSign(ctx
, res
, &reslen
, msg
, sizeof(msg
))))
4131 if (!TEST_true(EVP_DigestUpdate(ctx
, msg
, sizeof(msg
)))
4132 || !TEST_true(EVP_DigestSignFinal(ctx
, res
, &reslen
)))
4140 EVP_MD_CTX_free(ctx
);
4142 EVP_PKEY_CTX_free(pctx
);
4143 EVP_PKEY_free(pkey
);
4144 EVP_PKEY_meth_remove(custom_pmeth
);
4145 EVP_PKEY_meth_free(custom_pmeth
);
4146 custom_pmeth
= NULL
;
4150 static int test_evp_md_cipher_meth(void)
4152 EVP_MD
*md
= EVP_MD_meth_dup(EVP_sha256());
4153 EVP_CIPHER
*ciph
= EVP_CIPHER_meth_dup(EVP_aes_128_cbc());
4156 if (!TEST_ptr(md
) || !TEST_ptr(ciph
))
4162 EVP_MD_meth_free(md
);
4163 EVP_CIPHER_meth_free(ciph
);
4168 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4169 /* Test we can create a signature keys with an associated ENGINE */
4170 static int test_signatures_with_engine(int tst
)
4173 const char *engine_id
= "dasync";
4174 EVP_PKEY
*pkey
= NULL
;
4175 const unsigned char badcmackey
[] = { 0x00, 0x01 };
4176 const unsigned char cmackey
[] = {
4177 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4178 0x0c, 0x0d, 0x0e, 0x0f
4180 const unsigned char ed25519key
[] = {
4181 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4182 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
4183 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
4185 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4187 EVP_MD_CTX
*ctx
= NULL
;
4188 unsigned char *mac
= NULL
;
4192 # ifdef OPENSSL_NO_CMAC
4193 /* Skip CMAC tests in a no-cmac build */
4198 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4201 if (!TEST_true(ENGINE_init(e
))) {
4208 pkey
= EVP_PKEY_new_CMAC_key(e
, cmackey
, sizeof(cmackey
),
4212 pkey
= EVP_PKEY_new_CMAC_key(e
, badcmackey
, sizeof(badcmackey
),
4216 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_ED25519
, e
, ed25519key
,
4217 sizeof(ed25519key
));
4220 TEST_error("Invalid test case");
4223 if (!TEST_ptr(pkey
))
4226 if (!TEST_ptr(ctx
= EVP_MD_CTX_new()))
4229 ret
= EVP_DigestSignInit(ctx
, NULL
, tst
== 2 ? NULL
: EVP_sha256(), NULL
,
4232 if (!TEST_true(ret
))
4235 if (!TEST_true(EVP_DigestSignUpdate(ctx
, msg
, sizeof(msg
)))
4236 || !TEST_true(EVP_DigestSignFinal(ctx
, NULL
, &maclen
)))
4239 if (!TEST_ptr(mac
= OPENSSL_malloc(maclen
)))
4242 if (!TEST_true(EVP_DigestSignFinal(ctx
, mac
, &maclen
)))
4245 /* We used a bad key. We expect a failure here */
4246 if (!TEST_false(ret
))
4252 EVP_MD_CTX_free(ctx
);
4254 EVP_PKEY_free(pkey
);
4261 static int test_cipher_with_engine(void)
4264 const char *engine_id
= "dasync";
4265 const unsigned char keyiv
[] = {
4266 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
4267 0x0c, 0x0d, 0x0e, 0x0f
4269 const unsigned char msg
[] = { 0x00, 0x01, 0x02, 0x03 };
4271 EVP_CIPHER_CTX
*ctx
= NULL
, *ctx2
= NULL
;
4272 unsigned char buf
[AES_BLOCK_SIZE
];
4275 if (!TEST_ptr(e
= ENGINE_by_id(engine_id
)))
4278 if (!TEST_true(ENGINE_init(e
))) {
4283 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
4284 || !TEST_ptr(ctx2
= EVP_CIPHER_CTX_new()))
4287 if (!TEST_true(EVP_EncryptInit_ex(ctx
, EVP_aes_128_cbc(), e
, keyiv
, keyiv
)))
4290 /* Copy the ctx, and complete the operation with the new ctx */
4291 if (!TEST_true(EVP_CIPHER_CTX_copy(ctx2
, ctx
)))
4294 if (!TEST_true(EVP_EncryptUpdate(ctx2
, buf
, &len
, msg
, sizeof(msg
)))
4295 || !TEST_true(EVP_EncryptFinal_ex(ctx2
, buf
+ len
, &len
)))
4300 EVP_CIPHER_CTX_free(ctx
);
4301 EVP_CIPHER_CTX_free(ctx2
);
4307 # endif /* OPENSSL_NO_DYNAMIC_ENGINE */
4308 #endif /* OPENSSL_NO_DEPRECATED_3_0 */
4310 static int ecxnids
[] = {
4317 /* Test that creating ECX keys with a short private key fails as expected */
4318 static int test_ecx_short_keys(int tst
)
4320 unsigned char ecxkeydata
= 1;
4324 pkey
= EVP_PKEY_new_raw_private_key(ecxnids
[tst
], NULL
, &ecxkeydata
, 1);
4325 if (!TEST_ptr_null(pkey
)) {
4326 EVP_PKEY_free(pkey
);
4332 typedef enum OPTION_choice
{
4339 const OPTIONS
*test_get_options(void)
4341 static const OPTIONS options
[] = {
4342 OPT_TEST_OPTIONS_DEFAULT_USAGE
,
4343 { "context", OPT_CONTEXT
, '-', "Explicitly use a non-default library context" },
4349 int setup_tests(void)
4353 while ((o
= opt_next()) != OPT_EOF
) {
4356 /* Set up an alternate library context */
4357 testctx
= OSSL_LIB_CTX_new();
4358 if (!TEST_ptr(testctx
))
4360 /* Swap the libctx to test non-default context only */
4361 nullprov
= OSSL_PROVIDER_load(NULL
, "null");
4362 deflprov
= OSSL_PROVIDER_load(testctx
, "default");
4363 lgcyprov
= OSSL_PROVIDER_load(testctx
, "legacy");
4365 case OPT_TEST_CASES
:
4372 ADD_TEST(test_EVP_set_default_properties
);
4373 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 30);
4374 ADD_TEST(test_EVP_DigestVerifyInit
);
4375 #ifndef OPENSSL_NO_SIPHASH
4376 ADD_TEST(test_siphash_digestsign
);
4378 ADD_TEST(test_EVP_Digest
);
4379 ADD_TEST(test_EVP_md_null
);
4380 ADD_ALL_TESTS(test_EVP_PKEY_sign
, 3);
4381 ADD_ALL_TESTS(test_EVP_Enveloped
, 2);
4382 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
4383 ADD_TEST(test_privatekey_to_pkcs8
);
4384 ADD_TEST(test_EVP_PKCS82PKEY_wrong_tag
);
4385 #ifndef OPENSSL_NO_EC
4386 ADD_TEST(test_EVP_PKCS82PKEY
);
4388 #ifndef OPENSSL_NO_EC
4389 ADD_ALL_TESTS(test_EC_keygen_with_enc
, OSSL_NELEM(ec_encodings
));
4391 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
4392 ADD_TEST(test_EVP_SM2
);
4393 ADD_TEST(test_EVP_SM2_verify
);
4395 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
4396 #ifndef OPENSSL_NO_DEPRECATED_3_0
4397 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
4398 if (!TEST_ptr(custom_pmeth
))
4400 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
4401 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
4402 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
4403 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
4406 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
4407 #ifndef OPENSSL_NO_CMAC
4408 ADD_TEST(test_CMAC_keygen
);
4410 ADD_TEST(test_HKDF
);
4411 ADD_TEST(test_emptyikm_HKDF
);
4412 #ifndef OPENSSL_NO_EC
4413 ADD_TEST(test_X509_PUBKEY_inplace
);
4414 ADD_TEST(test_X509_PUBKEY_dup
);
4415 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
4416 OSSL_NELEM(ec_der_pub_keys
));
4418 #ifndef OPENSSL_NO_DSA
4419 ADD_TEST(test_DSA_get_set_params
);
4420 ADD_TEST(test_DSA_priv_pub
);
4422 ADD_TEST(test_RSA_get_set_params
);
4423 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
4424 ADD_TEST(test_decrypt_null_chunks
);
4426 #ifndef OPENSSL_NO_DH
4427 ADD_TEST(test_DH_priv_pub
);
4428 # ifndef OPENSSL_NO_DEPRECATED_3_0
4429 ADD_TEST(test_EVP_PKEY_set1_DH
);
4432 #ifndef OPENSSL_NO_EC
4433 ADD_TEST(test_EC_priv_pub
);
4434 # ifndef OPENSSL_NO_DEPRECATED_3_0
4435 ADD_TEST(test_EC_priv_only_legacy
);
4438 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
4439 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
4441 ADD_TEST(test_rand_agglomeration
);
4442 ADD_ALL_TESTS(test_evp_iv_aes
, 12);
4443 #ifndef OPENSSL_NO_DES
4444 ADD_ALL_TESTS(test_evp_iv_des
, 6);
4446 ADD_TEST(test_EVP_rsa_pss_with_keygen_bits
);
4447 ADD_TEST(test_EVP_rsa_pss_set_saltlen
);
4448 #ifndef OPENSSL_NO_EC
4449 ADD_ALL_TESTS(test_ecpub
, OSSL_NELEM(ecpub_nids
));
4452 ADD_TEST(test_names_do_all
);
4454 ADD_ALL_TESTS(test_evp_init_seq
, OSSL_NELEM(evp_init_tests
));
4455 ADD_ALL_TESTS(test_evp_reset
, OSSL_NELEM(evp_reset_tests
));
4456 ADD_ALL_TESTS(test_gcm_reinit
, OSSL_NELEM(gcm_reinit_tests
));
4457 ADD_ALL_TESTS(test_evp_updated_iv
, OSSL_NELEM(evp_updated_iv_tests
));
4459 #ifndef OPENSSL_NO_DEPRECATED_3_0
4460 ADD_ALL_TESTS(test_custom_pmeth
, 12);
4461 ADD_TEST(test_evp_md_cipher_meth
);
4463 # ifndef OPENSSL_NO_DYNAMIC_ENGINE
4464 /* Tests only support the default libctx */
4465 if (testctx
== NULL
) {
4466 # ifndef OPENSSL_NO_EC
4467 ADD_ALL_TESTS(test_signatures_with_engine
, 3);
4469 ADD_ALL_TESTS(test_signatures_with_engine
, 2);
4471 ADD_TEST(test_cipher_with_engine
);
4476 ADD_ALL_TESTS(test_ecx_short_keys
, OSSL_NELEM(ecxnids
));
4481 void cleanup_tests(void)
4483 OSSL_PROVIDER_unload(nullprov
);
4484 OSSL_PROVIDER_unload(deflprov
);
4485 OSSL_PROVIDER_unload(lgcyprov
);
4486 OSSL_LIB_CTX_free(testctx
);