2 * Copyright 2015-2020 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
10 /* We need to use some deprecated APIs */
11 #define OPENSSL_SUPPRESS_DEPRECATED
16 #include <openssl/bio.h>
17 #include <openssl/conf.h>
18 #include <openssl/crypto.h>
19 #include <openssl/err.h>
20 #include <openssl/evp.h>
21 #include <openssl/rsa.h>
22 #include <openssl/x509.h>
23 #include <openssl/pem.h>
24 #include <openssl/kdf.h>
25 #include <openssl/provider.h>
26 #include <openssl/core_names.h>
27 #include <openssl/params.h>
28 #include <openssl/dsa.h>
29 #include <openssl/dh.h>
31 #include "internal/nelem.h"
32 #include "internal/sizes.h"
33 #include "crypto/evp.h"
35 static OPENSSL_CTX
*testctx
= NULL
;
38 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
39 * should never use this key anywhere but in an example.
41 static const unsigned char kExampleRSAKeyDER
[] = {
42 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
43 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
44 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
45 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
46 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
47 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
48 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
49 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
50 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
51 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
52 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
53 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
54 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
55 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
56 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
57 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
58 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
59 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
60 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
61 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
62 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
63 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
64 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
65 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
66 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
67 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
68 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
69 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
70 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
71 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
72 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
73 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
74 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
75 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
76 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
77 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
78 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
79 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
80 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
81 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
82 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
83 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
84 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
85 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
86 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
87 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
88 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
89 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
90 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
91 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
92 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
96 * kExampleDSAKeyDER is a DSA private key in ASN.1, DER format. Of course, you
97 * should never use this key anywhere but in an example.
99 #ifndef OPENSSL_NO_DSA
100 static const unsigned char kExampleDSAKeyDER
[] = {
101 0x30, 0x82, 0x01, 0xba, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0x9a,
102 0x05, 0x6d, 0x33, 0xcd, 0x5d, 0x78, 0xa1, 0xbb, 0xcb, 0x7d, 0x5b, 0x8d,
103 0xb4, 0xcc, 0xbf, 0x03, 0x99, 0x64, 0xde, 0x38, 0x78, 0x06, 0x15, 0x2f,
104 0x86, 0x26, 0x77, 0xf3, 0xb1, 0x85, 0x00, 0xed, 0xfc, 0x28, 0x3a, 0x42,
105 0x4d, 0xab, 0xab, 0xdf, 0xbc, 0x9c, 0x16, 0xd0, 0x22, 0x50, 0xd1, 0x38,
106 0xdd, 0x3f, 0x64, 0x05, 0x9e, 0x68, 0x7a, 0x1e, 0xf1, 0x56, 0xbf, 0x1e,
107 0x2c, 0xc5, 0x97, 0x2a, 0xfe, 0x7a, 0x22, 0xdc, 0x6c, 0x68, 0xb8, 0x2e,
108 0x06, 0xdb, 0x41, 0xca, 0x98, 0xd8, 0x54, 0xc7, 0x64, 0x48, 0x24, 0x04,
109 0x20, 0xbc, 0x59, 0xe3, 0x6b, 0xea, 0x7e, 0xfc, 0x7e, 0xc5, 0x4e, 0xd4,
110 0xd8, 0x3a, 0xed, 0xcd, 0x5d, 0x99, 0xb8, 0x5c, 0xa2, 0x8b, 0xbb, 0x0b,
111 0xac, 0xe6, 0x8e, 0x25, 0x56, 0x22, 0x3a, 0x2d, 0x3a, 0x56, 0x41, 0x14,
112 0x1f, 0x1c, 0x8f, 0x53, 0x46, 0x13, 0x85, 0x02, 0x15, 0x00, 0x98, 0x7e,
113 0x92, 0x81, 0x88, 0xc7, 0x3f, 0x70, 0x49, 0x54, 0xf6, 0x76, 0xb4, 0xa3,
114 0x9e, 0x1d, 0x45, 0x98, 0x32, 0x7f, 0x02, 0x81, 0x80, 0x69, 0x4d, 0xef,
115 0x55, 0xff, 0x4d, 0x59, 0x2c, 0x01, 0xfa, 0x6a, 0x38, 0xe0, 0x70, 0x9f,
116 0x9e, 0x66, 0x8e, 0x3e, 0x8c, 0x52, 0x22, 0x9d, 0x15, 0x7e, 0x3c, 0xef,
117 0x4c, 0x7a, 0x61, 0x26, 0xe0, 0x2b, 0x81, 0x3f, 0xeb, 0xaf, 0x35, 0x38,
118 0x8d, 0xfe, 0xed, 0x46, 0xff, 0x5f, 0x03, 0x9b, 0x81, 0x92, 0xe7, 0x6f,
119 0x76, 0x4f, 0x1d, 0xd9, 0xbb, 0x89, 0xc9, 0x3e, 0xd9, 0x0b, 0xf9, 0xf4,
120 0x78, 0x11, 0x59, 0xc0, 0x1d, 0xcd, 0x0e, 0xa1, 0x6f, 0x15, 0xf1, 0x4d,
121 0xc1, 0xc9, 0x22, 0xed, 0x8d, 0xad, 0x67, 0xc5, 0x4b, 0x95, 0x93, 0x86,
122 0xa6, 0xaf, 0x8a, 0xee, 0x06, 0x89, 0x2f, 0x37, 0x7e, 0x64, 0xaa, 0xf6,
123 0xe7, 0xb1, 0x5a, 0x0a, 0x93, 0x95, 0x5d, 0x3e, 0x53, 0x9a, 0xde, 0x8a,
124 0xc2, 0x95, 0x45, 0x81, 0xbe, 0x5c, 0x2f, 0xc2, 0xb2, 0x92, 0x58, 0x19,
125 0x72, 0x80, 0xe9, 0x79, 0xa1, 0x02, 0x81, 0x80, 0x07, 0xd7, 0x62, 0xff,
126 0xdf, 0x1a, 0x3f, 0xed, 0x32, 0xd4, 0xd4, 0x88, 0x7b, 0x2c, 0x63, 0x7f,
127 0x97, 0xdc, 0x44, 0xd4, 0x84, 0xa2, 0xdd, 0x17, 0x16, 0x85, 0x13, 0xe0,
128 0xac, 0x51, 0x8d, 0x29, 0x1b, 0x75, 0x9a, 0xe4, 0xe3, 0x8a, 0x92, 0x69,
129 0x09, 0x03, 0xc5, 0x68, 0xae, 0x5e, 0x94, 0xfe, 0xc9, 0x92, 0x6c, 0x07,
130 0xb4, 0x1e, 0x64, 0x62, 0x87, 0xc6, 0xa4, 0xfd, 0x0d, 0x5f, 0xe5, 0xf9,
131 0x1b, 0x4f, 0x85, 0x5f, 0xae, 0xf3, 0x11, 0xe5, 0x18, 0xd4, 0x4d, 0x79,
132 0x9f, 0xc4, 0x79, 0x26, 0x04, 0x27, 0xf0, 0x0b, 0xee, 0x2b, 0x86, 0x9f,
133 0x86, 0x61, 0xe6, 0x51, 0xce, 0x04, 0x9b, 0x5d, 0x6b, 0x34, 0x43, 0x8c,
134 0x85, 0x3c, 0xf1, 0x51, 0x9b, 0x08, 0x23, 0x1b, 0xf5, 0x7e, 0x33, 0x12,
135 0xea, 0xab, 0x1f, 0xb7, 0x2d, 0xe2, 0x5f, 0xe6, 0x97, 0x99, 0xb5, 0x45,
136 0x16, 0x5b, 0xc3, 0x41, 0x02, 0x14, 0x61, 0xbf, 0x51, 0x60, 0xcf, 0xc8,
137 0xf1, 0x8c, 0x82, 0x97, 0xf2, 0xf4, 0x19, 0xba, 0x2b, 0xf3, 0x16, 0xbe,
143 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
144 * components are not correct.
146 static const unsigned char kExampleBadRSAKeyDER
[] = {
147 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
148 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
149 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
150 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
151 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
152 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
153 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
154 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
155 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
156 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
157 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
158 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
159 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
160 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
161 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
162 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
163 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
164 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
165 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
166 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
167 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
168 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
169 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
170 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
171 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
172 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
173 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
174 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
175 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
176 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
177 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
178 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
179 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
180 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
181 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
182 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
183 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
184 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
185 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
186 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
187 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
188 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
189 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
190 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
191 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
192 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
193 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
194 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
195 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
196 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
197 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
198 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
199 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
200 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
201 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
202 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
203 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
204 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
205 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
206 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
207 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
208 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
209 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
210 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
211 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
212 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
213 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
214 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
215 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
216 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
217 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
218 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
219 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
220 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
221 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
222 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
223 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
224 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
225 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
226 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
227 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
228 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
229 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
230 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
231 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
232 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
233 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
234 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
235 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
238 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
240 static const unsigned char kSignature
[] = {
241 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
242 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
243 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
244 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
245 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
246 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
247 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
248 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
249 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
250 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
251 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
255 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
258 static const unsigned char kExampleRSAKeyPKCS8
[] = {
259 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
260 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
261 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
262 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
263 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
264 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
265 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
266 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
267 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
268 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
269 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
270 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
271 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
272 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
273 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
274 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
275 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
276 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
277 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
278 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
279 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
280 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
281 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
282 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
283 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
284 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
285 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
286 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
287 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
288 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
289 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
290 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
291 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
292 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
293 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
294 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
295 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
296 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
297 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
298 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
299 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
300 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
301 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
302 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
303 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
304 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
305 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
306 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
307 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
308 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
309 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
310 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
311 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
314 #ifndef OPENSSL_NO_EC
316 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
319 static const unsigned char kExampleECKeyDER
[] = {
320 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
321 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
322 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
323 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
324 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
325 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
326 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
327 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
328 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
329 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
334 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
335 * structure. The private key is equal to the order and will fail to import
337 static const unsigned char kExampleBadECKeyDER
[] = {
338 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
339 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
340 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
341 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
342 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
343 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
344 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
345 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
346 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
350 static const unsigned char kExampleECPubKeyDER
[] = {
351 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
352 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
353 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
354 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
355 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
356 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
357 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
358 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
362 * kExampleBadECPubKeyDER is a sample EC public key with a wrong OID
363 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
365 static const unsigned char kExampleBadECPubKeyDER
[] = {
366 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
367 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
368 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
369 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
370 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
371 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
372 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
373 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
376 static const unsigned char pExampleECParamDER
[] = {
377 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
381 typedef struct APK_DATA_st
{
382 const unsigned char *kder
;
388 int type
; /* 0 for private, 1 for public, 2 for params */
391 static APK_DATA keydata
[] = {
392 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), EVP_PKEY_RSA
},
393 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), EVP_PKEY_RSA
},
394 #ifndef OPENSSL_NO_EC
395 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), EVP_PKEY_EC
}
399 static APK_DATA keycheckdata
[] = {
400 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), EVP_PKEY_RSA
, 1, -2, -2, 0},
401 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), EVP_PKEY_RSA
,
403 #ifndef OPENSSL_NO_EC
404 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), EVP_PKEY_EC
, 1, 1, 1, 0},
405 /* group is also associated in our pub key */
406 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), EVP_PKEY_EC
, 0, 1, 1, 1},
407 {pExampleECParamDER
, sizeof(pExampleECParamDER
), EVP_PKEY_EC
, 0, 0, 1, 2}
411 static EVP_PKEY
*load_example_rsa_key(void)
413 EVP_PKEY
*ret
= NULL
;
414 const unsigned char *derp
= kExampleRSAKeyDER
;
415 EVP_PKEY
*pkey
= NULL
;
418 if (!TEST_true(d2i_RSAPrivateKey(&rsa
, &derp
, sizeof(kExampleRSAKeyDER
))))
421 if (!TEST_ptr(pkey
= EVP_PKEY_new())
422 || !TEST_true(EVP_PKEY_set1_RSA(pkey
, rsa
)))
435 #ifndef OPENSSL_NO_DSA
436 static EVP_PKEY
*load_example_dsa_key(void)
438 EVP_PKEY
*ret
= NULL
;
439 const unsigned char *derp
= kExampleDSAKeyDER
;
440 EVP_PKEY
*pkey
= NULL
;
443 if (!TEST_true(d2i_DSAPrivateKey(&dsa
, &derp
, sizeof(kExampleDSAKeyDER
))))
446 if (!TEST_ptr(pkey
= EVP_PKEY_new())
447 || !TEST_true(EVP_PKEY_set1_DSA(pkey
, dsa
)))
461 static EVP_PKEY
*load_example_hmac_key(void)
463 EVP_PKEY
*pkey
= NULL
;
464 unsigned char key
[] = {
465 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
466 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
467 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
470 pkey
= EVP_PKEY_new_raw_private_key(EVP_PKEY_HMAC
, NULL
, key
, sizeof(key
));
477 static int test_EVP_set_default_properties(void)
483 if (!TEST_ptr(ctx
= OPENSSL_CTX_new())
484 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
489 if (!TEST_true(EVP_set_default_properties(ctx
, "provider=fizzbang"))
490 || !TEST_ptr_null(md
= EVP_MD_fetch(ctx
, "sha256", NULL
))
491 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", "-provider")))
496 if (!TEST_true(EVP_set_default_properties(ctx
, NULL
))
497 || !TEST_ptr(md
= EVP_MD_fetch(ctx
, "sha256", NULL
)))
502 OPENSSL_CTX_free(ctx
);
506 static int test_EVP_Enveloped(void)
509 EVP_CIPHER_CTX
*ctx
= NULL
;
510 EVP_PKEY
*keypair
= NULL
;
511 unsigned char *kek
= NULL
;
512 unsigned char iv
[EVP_MAX_IV_LENGTH
];
513 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
514 int len
, kek_len
, ciphertext_len
, plaintext_len
;
515 unsigned char ciphertext
[32], plaintext
[16];
516 const EVP_CIPHER
*type
= EVP_aes_256_cbc();
518 if (!TEST_ptr(keypair
= load_example_rsa_key())
519 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_size(keypair
)))
520 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
521 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
523 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
525 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
529 ciphertext_len
+= len
;
531 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
532 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
533 ciphertext
, ciphertext_len
))
534 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
537 plaintext_len
+= len
;
538 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
544 EVP_PKEY_free(keypair
);
545 EVP_CIPHER_CTX_free(ctx
);
550 * Test 0: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, RSA)
551 * Test 1: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, DSA)
552 * Test 2: Standard calls to EVP_DigestSignInit/Update/Final (Implicit fetch digest, HMAC)
553 * Test 3: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, RSA)
554 * Test 4: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch digest, DSA)
555 * Test 5: Standard calls to EVP_DigestSignInit/Update/Final (Explicit fetch diegst, HMAC)
556 * Test 6: Use an MD BIO to do the Update calls instead (RSA)
557 * Test 7: Use an MD BIO to do the Update calls instead (DSA)
558 * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
560 static int test_EVP_DigestSignInit(int tst
)
563 EVP_PKEY
*pkey
= NULL
;
564 unsigned char *sig
= NULL
;
566 EVP_MD_CTX
*md_ctx
= NULL
, *md_ctx_verify
= NULL
;
567 EVP_MD_CTX
*a_md_ctx
= NULL
, *a_md_ctx_verify
= NULL
;
568 BIO
*mdbio
= NULL
, *membio
= NULL
;
571 EVP_MD
*mdexp
= NULL
;
574 membio
= BIO_new(BIO_s_mem());
575 mdbio
= BIO_new(BIO_f_md());
576 if (!TEST_ptr(membio
) || !TEST_ptr(mdbio
))
578 BIO_push(mdbio
, membio
);
579 if (!TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx
), 0))
582 if (!TEST_ptr(a_md_ctx
= md_ctx
= EVP_MD_CTX_new())
583 || !TEST_ptr(a_md_ctx_verify
= md_ctx_verify
= EVP_MD_CTX_new()))
587 if (tst
== 0 || tst
== 3 || tst
== 6) {
588 if (!TEST_ptr(pkey
= load_example_rsa_key()))
590 } else if (tst
== 1 || tst
== 4 || tst
== 7) {
591 #ifndef OPENSSL_NO_DSA
592 if (!TEST_ptr(pkey
= load_example_dsa_key()))
599 if (!TEST_ptr(pkey
= load_example_hmac_key()))
603 if (tst
>= 3 && tst
<= 5)
604 md
= mdexp
= EVP_MD_fetch(NULL
, "SHA256", NULL
);
608 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, md
, NULL
, pkey
)))
612 if (!BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
))
615 if (!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
619 /* Determine the size of the signature. */
620 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
621 || !TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
622 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
626 if (!TEST_int_gt(BIO_reset(mdbio
), 0)
627 || !TEST_int_gt(BIO_get_md_ctx(mdbio
, &md_ctx_verify
), 0))
632 * Ensure that the signature round-trips (Verification isn't supported for
633 * HMAC via EVP_DigestVerify*)
635 if (tst
!= 2 && tst
!= 5 && tst
!= 8) {
636 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, md
,
641 if (!TEST_true(BIO_write_ex(mdbio
, kMsg
, sizeof(kMsg
), &written
)))
644 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
,
648 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
657 EVP_MD_CTX_free(a_md_ctx
);
658 EVP_MD_CTX_free(a_md_ctx_verify
);
666 static int test_EVP_DigestVerifyInit(void)
669 EVP_PKEY
*pkey
= NULL
;
670 EVP_MD_CTX
*md_ctx
= NULL
;
672 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
673 || !TEST_ptr(pkey
= load_example_rsa_key()))
676 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
677 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
678 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
679 sizeof(kSignature
))))
684 EVP_MD_CTX_free(md_ctx
);
689 static int test_d2i_AutoPrivateKey(int i
)
692 const unsigned char *p
;
693 EVP_PKEY
*pkey
= NULL
;
694 const APK_DATA
*ak
= &keydata
[i
];
695 const unsigned char *input
= ak
->kder
;
696 size_t input_len
= ak
->size
;
697 int expected_id
= ak
->evptype
;
700 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
701 || !TEST_ptr_eq(p
, input
+ input_len
)
702 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
712 #ifndef OPENSSL_NO_EC
714 static const unsigned char ec_public_sect163k1_validxy
[] = {
715 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
716 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
717 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
718 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x02, 0xd1, 0x7b,
719 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
720 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
723 static const unsigned char ec_public_sect163k1_badx
[] = {
724 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
725 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
726 0x0a, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
727 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0xb0, 0x02, 0xd1, 0x7b,
728 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
729 0x6a, 0xd8, 0x17, 0x65, 0x41, 0x2f
732 static const unsigned char ec_public_sect163k1_bady
[] = {
733 0x30, 0x40, 0x30, 0x10, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
734 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, 0x00, 0x01, 0x03, 0x2c, 0x00, 0x04,
735 0x02, 0x84, 0x58, 0xa6, 0xd4, 0xa0, 0x35, 0x2b, 0xae, 0xf0, 0xc0, 0x69,
736 0x05, 0xcf, 0x2a, 0x50, 0x33, 0xf9, 0xe3, 0x92, 0x79, 0x0a, 0xd1, 0x7b,
737 0x9f, 0x22, 0x00, 0xf0, 0x3b, 0x0e, 0x5d, 0x2e, 0xb7, 0x23, 0x24, 0xf3,
738 0x6a, 0xd8, 0x17, 0x65, 0x41, 0xe6
741 static struct ec_der_pub_keys_st
{
742 const unsigned char *der
;
745 } ec_der_pub_keys
[] = {
746 { ec_public_sect163k1_validxy
, sizeof(ec_public_sect163k1_validxy
), 1 },
747 { ec_public_sect163k1_badx
, sizeof(ec_public_sect163k1_badx
), 0 },
748 { ec_public_sect163k1_bady
, sizeof(ec_public_sect163k1_bady
), 0 },
752 * Tests the range of the decoded EC char2 public point.
753 * See ec_GF2m_simple_oct2point().
755 static int test_invalide_ec_char2_pub_range_decode(int id
)
759 EC_KEY
*eckey
= NULL
;
761 if (!TEST_ptr(bio
= BIO_new_mem_buf(ec_der_pub_keys
[id
].der
,
762 ec_der_pub_keys
[id
].len
)))
764 eckey
= d2i_EC_PUBKEY_bio(bio
, NULL
);
765 ret
= (ec_der_pub_keys
[id
].valid
&& TEST_ptr(eckey
))
766 || TEST_ptr_null(eckey
);
773 /* Tests loading a bad key in PKCS8 format */
774 static int test_EVP_PKCS82PKEY(void)
777 const unsigned char *derp
= kExampleBadECKeyDER
;
778 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
779 EVP_PKEY
*pkey
= NULL
;
781 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
782 sizeof(kExampleBadECKeyDER
))))
785 if (!TEST_ptr_eq(derp
,
786 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
789 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
795 PKCS8_PRIV_KEY_INFO_free(p8inf
);
802 /* This uses kExampleRSAKeyDER and kExampleRSAKeyPKCS8 to verify encoding */
803 static int test_privatekey_to_pkcs8(void)
805 EVP_PKEY
*pkey
= NULL
;
811 if (!TEST_ptr(membio
= BIO_new(BIO_s_mem()))
812 || !TEST_ptr(pkey
= load_example_rsa_key())
813 || !TEST_int_gt(i2d_PKCS8PrivateKey_bio(membio
, pkey
, NULL
,
814 NULL
, 0, NULL
, NULL
),
816 || !TEST_int_gt(membuf_len
= BIO_get_mem_data(membio
, &membuf
), 0)
818 || !TEST_mem_eq(membuf
, (size_t)membuf_len
,
819 kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
))
821 * We try to write PEM as well, just to see that it doesn't err, but
822 * assume that the result is correct.
824 || !TEST_int_gt(PEM_write_bio_PKCS8PrivateKey(membio
, pkey
, NULL
,
825 NULL
, 0, NULL
, NULL
),
832 BIO_free_all(membio
);
836 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
838 static int test_EVP_SM2_verify(void)
840 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
842 "-----BEGIN PUBLIC KEY-----\n"
843 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
844 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
845 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
846 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
847 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
848 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
849 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
850 "-----END PUBLIC KEY-----\n";
852 const char *msg
= "message digest";
853 const char *id
= "ALICE123@YAHOO.COM";
855 const uint8_t signature
[] = {
856 0x30, 0x44, 0x02, 0x20,
858 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
859 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
860 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
864 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
865 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
866 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
871 EVP_PKEY
*pkey
= NULL
;
872 EVP_MD_CTX
*mctx
= NULL
;
873 EVP_PKEY_CTX
*pctx
= NULL
;
875 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
876 if (!TEST_true(bio
!= NULL
))
879 pkey
= PEM_read_bio_PUBKEY(bio
, NULL
, NULL
, NULL
);
880 if (!TEST_true(pkey
!= NULL
))
883 if (!TEST_true(EVP_PKEY_set_alias_type(pkey
, EVP_PKEY_SM2
)))
886 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
889 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
892 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, (const uint8_t *)id
,
896 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
898 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, EVP_sm3(), NULL
, pkey
)))
901 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
904 if (!TEST_true(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
))))
911 EVP_PKEY_CTX_free(pctx
);
912 EVP_MD_CTX_free(mctx
);
916 static int test_EVP_SM2(void)
919 EVP_PKEY
*pkey
= NULL
;
920 EVP_PKEY
*params
= NULL
;
921 EVP_PKEY_CTX
*pctx
= NULL
;
922 EVP_PKEY_CTX
*kctx
= NULL
;
923 EVP_PKEY_CTX
*sctx
= NULL
;
925 unsigned char *sig
= NULL
;
926 EVP_MD_CTX
*md_ctx
= NULL
;
927 EVP_MD_CTX
*md_ctx_verify
= NULL
;
928 EVP_PKEY_CTX
*cctx
= NULL
;
930 uint8_t ciphertext
[128];
931 size_t ctext_len
= sizeof(ciphertext
);
933 uint8_t plaintext
[8];
934 size_t ptext_len
= sizeof(plaintext
);
936 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
938 pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
942 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
945 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
948 if (!TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
)))
951 kctx
= EVP_PKEY_CTX_new(params
, NULL
);
955 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
958 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
961 if (!TEST_true(EVP_PKEY_set_alias_type(pkey
, EVP_PKEY_SM2
)))
964 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
967 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
970 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
973 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
974 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
976 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
979 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, EVP_sm3(), NULL
, pkey
)))
982 if(!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
985 /* Determine the size of the signature. */
986 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
989 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
992 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
995 /* Ensure that the signature round-trips. */
997 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, EVP_sm3(), NULL
, pkey
)))
1000 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
1003 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
1006 /* now check encryption/decryption */
1008 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
1011 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
1014 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
, sizeof(kMsg
))))
1017 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
1020 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
, ctext_len
)))
1023 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
1026 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
1031 EVP_PKEY_CTX_free(pctx
);
1032 EVP_PKEY_CTX_free(kctx
);
1033 EVP_PKEY_CTX_free(sctx
);
1034 EVP_PKEY_CTX_free(cctx
);
1035 EVP_PKEY_free(pkey
);
1036 EVP_PKEY_free(params
);
1037 EVP_MD_CTX_free(md_ctx
);
1038 EVP_MD_CTX_free(md_ctx_verify
);
1045 static struct keys_st
{
1051 EVP_PKEY_HMAC
, "0123456789", NULL
1053 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
1055 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
1057 #ifndef OPENSSL_NO_EC
1059 EVP_PKEY_X25519
, "01234567890123456789012345678901",
1060 "abcdefghijklmnopqrstuvwxyzabcdef"
1062 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
1063 "abcdefghijklmnopqrstuvwxyzabcdef"
1066 "01234567890123456789012345678901234567890123456789012345",
1067 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
1070 "012345678901234567890123456789012345678901234567890123456",
1071 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
1076 static int test_set_get_raw_keys_int(int tst
, int pub
, int uselibctx
)
1079 unsigned char buf
[80];
1081 size_t inlen
, len
= 0;
1084 /* Check if this algorithm supports public keys */
1085 if (keys
[tst
].pub
== NULL
)
1088 memset(buf
, 0, sizeof(buf
));
1091 inlen
= strlen(keys
[tst
].pub
);
1092 in
= (unsigned char *)keys
[tst
].pub
;
1094 pkey
= EVP_PKEY_new_raw_public_key_with_libctx(
1096 OBJ_nid2sn(keys
[tst
].type
),
1101 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
1107 inlen
= strlen(keys
[tst
].priv
);
1108 in
= (unsigned char *)keys
[tst
].priv
;
1110 pkey
= EVP_PKEY_new_raw_private_key_with_libctx(
1111 testctx
, OBJ_nid2sn(keys
[tst
].type
),
1116 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
1124 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
1125 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
1126 || !TEST_true(len
== inlen
)
1127 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
1128 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
1129 || !TEST_mem_eq(in
, inlen
, buf
, len
))
1134 EVP_PKEY_free(pkey
);
1138 static int test_set_get_raw_keys(int tst
)
1140 return test_set_get_raw_keys_int(tst
, 0, 0)
1141 && test_set_get_raw_keys_int(tst
, 0, 1)
1142 && test_set_get_raw_keys_int(tst
, 1, 0)
1143 && test_set_get_raw_keys_int(tst
, 1, 1);
1146 #ifndef OPENSSL_NO_DEPRECATED_3_0
1147 static int pkey_custom_check(EVP_PKEY
*pkey
)
1152 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
1157 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
1162 static EVP_PKEY_METHOD
*custom_pmeth
;
1165 static int test_EVP_PKEY_check(int i
)
1168 const unsigned char *p
;
1169 EVP_PKEY
*pkey
= NULL
;
1170 #ifndef OPENSSL_NO_EC
1171 EC_KEY
*eckey
= NULL
;
1173 EVP_PKEY_CTX
*ctx
= NULL
;
1174 #ifndef OPENSSL_NO_DEPRECATED_3_0
1175 EVP_PKEY_CTX
*ctx2
= NULL
;
1177 const APK_DATA
*ak
= &keycheckdata
[i
];
1178 const unsigned char *input
= ak
->kder
;
1179 size_t input_len
= ak
->size
;
1180 int expected_id
= ak
->evptype
;
1181 int expected_check
= ak
->check
;
1182 int expected_pub_check
= ak
->pub_check
;
1183 int expected_param_check
= ak
->param_check
;
1184 int type
= ak
->type
;
1191 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
1192 || !TEST_ptr_eq(p
, input
+ input_len
)
1193 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
1196 #ifndef OPENSSL_NO_EC
1198 if (!TEST_ptr(pubkey
= BIO_new_mem_buf(input
, input_len
))
1199 || !TEST_ptr(eckey
= d2i_EC_PUBKEY_bio(pubkey
, NULL
))
1200 || !TEST_ptr(pkey
= EVP_PKEY_new())
1201 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1205 if (!TEST_ptr(eckey
= d2i_ECParameters(NULL
, &p
, input_len
))
1206 || !TEST_ptr_eq(p
, input
+ input_len
)
1207 || !TEST_ptr(pkey
= EVP_PKEY_new())
1208 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
1216 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
1219 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
1222 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
1225 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
1228 #ifndef OPENSSL_NO_DEPRECATED_3_0
1229 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
1230 /* assign the pkey directly, as an internal test */
1231 EVP_PKEY_up_ref(pkey
);
1234 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
1237 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
1240 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
1247 EVP_PKEY_CTX_free(ctx
);
1248 #ifndef OPENSSL_NO_DEPRECATED_3_0
1249 EVP_PKEY_CTX_free(ctx2
);
1251 EVP_PKEY_free(pkey
);
1256 #ifndef OPENSSL_NO_CMAC
1257 static int test_CMAC_keygen(void)
1260 * This is a legacy method for CMACs, but should still work.
1261 * This verifies that it works without an ENGINE.
1263 EVP_PKEY_CTX
*kctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_CMAC
, NULL
);
1266 if (!TEST_true(EVP_PKEY_keygen_init(kctx
) > 0)
1267 && !TEST_true(EVP_PKEY_CTX_ctrl(kctx
, -1, EVP_PKEY_OP_KEYGEN
,
1268 EVP_PKEY_CTRL_CIPHER
,
1269 0, (void *)EVP_aes_256_ecb()) > 0))
1274 EVP_PKEY_CTX_free(kctx
);
1279 static int test_HKDF(void)
1282 unsigned char out
[20];
1285 unsigned char salt
[] = "0123456789";
1286 unsigned char key
[] = "012345678901234567890123456789";
1287 unsigned char info
[] = "infostring";
1288 const unsigned char expected
[] = {
1289 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
1290 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
1292 size_t expectedlen
= sizeof(expected
);
1294 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF
, NULL
)))
1297 /* We do this twice to test reuse of the EVP_PKEY_CTX */
1298 for (i
= 0; i
< 2; i
++) {
1299 outlen
= sizeof(out
);
1300 memset(out
, 0, outlen
);
1302 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
1303 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
1304 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
1305 sizeof(salt
) - 1), 0)
1306 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
1307 sizeof(key
) - 1), 0)
1308 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
1309 sizeof(info
) - 1), 0)
1310 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
1311 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
1318 EVP_PKEY_CTX_free(pctx
);
1323 static int test_emptyikm_HKDF(void)
1326 unsigned char out
[20];
1329 unsigned char salt
[] = "9876543210";
1330 unsigned char key
[] = "";
1331 unsigned char info
[] = "stringinfo";
1332 const unsigned char expected
[] = {
1333 0x68, 0x81, 0xa5, 0x3e, 0x5b, 0x9c, 0x7b, 0x6f, 0x2e, 0xec, 0xc8, 0x47,
1334 0x7c, 0xfa, 0x47, 0x35, 0x66, 0x82, 0x15, 0x30
1336 size_t expectedlen
= sizeof(expected
);
1338 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF
, NULL
)))
1341 outlen
= sizeof(out
);
1342 memset(out
, 0, outlen
);
1344 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
1345 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
1346 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
1347 sizeof(salt
) - 1), 0)
1348 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
1349 sizeof(key
) - 1), 0)
1350 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
1351 sizeof(info
) - 1), 0)
1352 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
1353 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
1359 EVP_PKEY_CTX_free(pctx
);
1364 #ifndef OPENSSL_NO_EC
1365 static int test_X509_PUBKEY_inplace(void)
1368 X509_PUBKEY
*xp
= NULL
;
1369 const unsigned char *p
= kExampleECPubKeyDER
;
1370 size_t input_len
= sizeof(kExampleECPubKeyDER
);
1372 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(NULL
, &p
, input_len
)))
1375 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
1378 p
= kExampleBadECPubKeyDER
;
1379 input_len
= sizeof(kExampleBadECPubKeyDER
);
1381 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
1384 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
1390 X509_PUBKEY_free(xp
);
1393 #endif /* OPENSSL_NO_EC */
1395 /* Test getting and setting parameters on an EVP_PKEY_CTX */
1396 static int test_EVP_PKEY_CTX_get_set_params(EVP_PKEY
*pkey
)
1398 EVP_MD_CTX
*mdctx
= NULL
;
1399 EVP_PKEY_CTX
*ctx
= NULL
;
1400 const OSSL_PARAM
*params
;
1401 OSSL_PARAM ourparams
[2], *param
= ourparams
, *param_md
;
1404 char mdname
[OSSL_MAX_NAME_SIZE
];
1407 /* Initialise a sign operation */
1408 ctx
= EVP_PKEY_CTX_new(pkey
, NULL
);
1410 || !TEST_int_gt(EVP_PKEY_sign_init(ctx
), 0))
1414 * We should be able to query the parameters now.
1416 params
= EVP_PKEY_CTX_settable_params(ctx
);
1417 if (!TEST_ptr(params
)
1418 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1419 OSSL_SIGNATURE_PARAM_DIGEST
)))
1422 params
= EVP_PKEY_CTX_gettable_params(ctx
);
1423 if (!TEST_ptr(params
)
1424 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1425 OSSL_SIGNATURE_PARAM_ALGORITHM_ID
))
1426 || !TEST_ptr(OSSL_PARAM_locate_const(params
,
1427 OSSL_SIGNATURE_PARAM_DIGEST
)))
1431 * Test getting and setting params via EVP_PKEY_CTX_set_params() and
1432 * EVP_PKEY_CTX_get_params()
1434 strcpy(mdname
, "SHA512");
1436 *param
++ = OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1438 *param
++ = OSSL_PARAM_construct_end();
1440 if (!TEST_true(EVP_PKEY_CTX_set_params(ctx
, ourparams
)))
1444 *param_md
= OSSL_PARAM_construct_utf8_string(OSSL_SIGNATURE_PARAM_DIGEST
,
1445 mdname
, sizeof(mdname
));
1446 if (!TEST_true(EVP_PKEY_CTX_get_params(ctx
, ourparams
))
1447 || !TEST_str_eq(mdname
, "SHA512"))
1451 * Test the TEST_PKEY_CTX_set_signature_md() and
1452 * TEST_PKEY_CTX_get_signature_md() functions
1454 if (!TEST_int_gt(EVP_PKEY_CTX_set_signature_md(ctx
, EVP_sha256()), 0)
1455 || !TEST_int_gt(EVP_PKEY_CTX_get_signature_md(ctx
, &md
), 0)
1456 || !TEST_ptr_eq(md
, EVP_sha256()))
1460 * Test getting MD parameters via an associated EVP_PKEY_CTX
1462 mdctx
= EVP_MD_CTX_new();
1463 if (!TEST_ptr(mdctx
)
1464 || !TEST_true(EVP_DigestSignInit_with_libctx(mdctx
, NULL
,
1470 * We now have an EVP_MD_CTX with an EVP_PKEY_CTX inside it. We should be
1471 * able to obtain the digest's settable parameters from the provider.
1473 params
= EVP_MD_CTX_settable_params(mdctx
);
1474 if (!TEST_ptr(params
)
1475 || !TEST_int_eq(strcmp(params
[0].key
, OSSL_DIGEST_PARAM_SSL3_MS
), 0)
1476 /* The final key should be NULL */
1477 || !TEST_ptr_null(params
[1].key
))
1481 memset(ssl3ms
, 0, sizeof(ssl3ms
));
1482 *param
++ = OSSL_PARAM_construct_octet_string(OSSL_DIGEST_PARAM_SSL3_MS
,
1483 ssl3ms
, sizeof(ssl3ms
));
1484 *param
++ = OSSL_PARAM_construct_end();
1486 if (!TEST_true(EVP_MD_CTX_set_params(mdctx
, ourparams
)))
1492 EVP_MD_CTX_free(mdctx
);
1493 EVP_PKEY_CTX_free(ctx
);
1498 #ifndef OPENSSL_NO_DSA
1499 static int test_DSA_get_set_params(void)
1502 BIGNUM
*p
= NULL
, *q
= NULL
, *g
= NULL
, *pub
= NULL
, *priv
= NULL
;
1503 EVP_PKEY
*pkey
= NULL
;
1507 * Setup the parameters for our DSA object. For our purposes they don't
1508 * have to actually be *valid* parameters. We just need to set something.
1521 || !DSA_set0_pqg(dsa
, p
, q
, g
)
1522 || !DSA_set0_key(dsa
, pub
, priv
))
1524 p
= q
= g
= pub
= priv
= NULL
;
1526 pkey
= EVP_PKEY_new();
1528 || !TEST_true(EVP_PKEY_assign_DSA(pkey
, dsa
)))
1533 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
1536 EVP_PKEY_free(pkey
);
1548 static int test_RSA_get_set_params(void)
1551 BIGNUM
*n
= NULL
, *e
= NULL
, *d
= NULL
;
1552 EVP_PKEY
*pkey
= NULL
;
1556 * Setup the parameters for our RSA object. For our purposes they don't
1557 * have to actually be *valid* parameters. We just need to set something.
1567 || !RSA_set0_key(rsa
, n
, e
, d
))
1571 pkey
= EVP_PKEY_new();
1573 || !TEST_true(EVP_PKEY_assign_RSA(pkey
, rsa
)))
1578 ret
= test_EVP_PKEY_CTX_get_set_params(pkey
);
1581 EVP_PKEY_free(pkey
);
1590 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1591 static int test_decrypt_null_chunks(void)
1593 EVP_CIPHER_CTX
* ctx
= NULL
;
1594 const unsigned char key
[32] = {
1595 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
1596 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
1597 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1
1599 unsigned char iv
[12] = {
1600 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b
1602 unsigned char msg
[] = "It was the best of times, it was the worst of times";
1603 unsigned char ciphertext
[80];
1604 unsigned char plaintext
[80];
1605 /* We initialise tmp to a non zero value on purpose */
1606 int ctlen
, ptlen
, tmp
= 99;
1608 const int enc_offset
= 10, dec_offset
= 20;
1610 if (!TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
1611 || !TEST_true(EVP_EncryptInit_ex(ctx
, EVP_chacha20_poly1305(), NULL
,
1613 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &ctlen
, msg
,
1615 /* Deliberate add a zero length update */
1616 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
, NULL
,
1618 || !TEST_int_eq(tmp
, 0)
1619 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
+ ctlen
, &tmp
,
1621 sizeof(msg
) - enc_offset
))
1622 || !TEST_int_eq(ctlen
+= tmp
, sizeof(msg
))
1623 || !TEST_true(EVP_EncryptFinal(ctx
, ciphertext
+ ctlen
, &tmp
))
1624 || !TEST_int_eq(tmp
, 0))
1627 /* Deliberately initialise tmp to a non zero value */
1629 if (!TEST_true(EVP_DecryptInit_ex(ctx
, EVP_chacha20_poly1305(), NULL
, key
,
1631 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
, &ptlen
, ciphertext
,
1634 * Deliberately add a zero length update. We also deliberately do
1635 * this at a different offset than for encryption.
1637 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
, NULL
,
1639 || !TEST_int_eq(tmp
, 0)
1640 || !TEST_true(EVP_DecryptUpdate(ctx
, plaintext
+ ptlen
, &tmp
,
1641 ciphertext
+ dec_offset
,
1642 ctlen
- dec_offset
))
1643 || !TEST_int_eq(ptlen
+= tmp
, sizeof(msg
))
1644 || !TEST_true(EVP_DecryptFinal(ctx
, plaintext
+ ptlen
, &tmp
))
1645 || !TEST_int_eq(tmp
, 0)
1646 || !TEST_mem_eq(msg
, sizeof(msg
), plaintext
, ptlen
))
1651 EVP_CIPHER_CTX_free(ctx
);
1654 #endif /* !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305) */
1656 #ifndef OPENSSL_NO_DH
1657 static int test_EVP_PKEY_set1_DH(void)
1659 DH
*x942dh
= NULL
, *noqdh
= NULL
;
1660 EVP_PKEY
*pkey1
= NULL
, *pkey2
= NULL
;
1662 BIGNUM
*p
, *g
= NULL
;
1664 if (!TEST_ptr(p
= BN_new())
1665 || !TEST_ptr(g
= BN_new())
1666 || !BN_set_word(p
, 9999)
1667 || !BN_set_word(g
, 2)
1668 || !TEST_ptr(noqdh
= DH_new())
1669 || !DH_set0_pqg(noqdh
, p
, NULL
, g
))
1673 x942dh
= DH_get_2048_256();
1674 pkey1
= EVP_PKEY_new();
1675 pkey2
= EVP_PKEY_new();
1676 if (!TEST_ptr(x942dh
)
1679 || !TEST_ptr(pkey2
))
1682 if(!TEST_true(EVP_PKEY_set1_DH(pkey1
, x942dh
))
1683 || !TEST_int_eq(EVP_PKEY_id(pkey1
), EVP_PKEY_DHX
))
1686 if(!TEST_true(EVP_PKEY_set1_DH(pkey2
, noqdh
))
1687 || !TEST_int_eq(EVP_PKEY_id(pkey2
), EVP_PKEY_DH
))
1694 EVP_PKEY_free(pkey1
);
1695 EVP_PKEY_free(pkey2
);
1704 * We test what happens with an empty template. For the sake of this test,
1705 * the template must be ignored, and we know that's the case for RSA keys
1706 * (this might arguably be a misfeature, but that's what we currently do,
1707 * even in provider code, since that's how the legacy RSA implementation
1710 static int test_keygen_with_empty_template(int n
)
1712 EVP_PKEY_CTX
*ctx
= NULL
;
1713 EVP_PKEY
*pkey
= NULL
;
1714 EVP_PKEY
*tkey
= NULL
;
1719 /* We do test with no template at all as well */
1720 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_RSA
, NULL
)))
1724 /* Here we create an empty RSA key that serves as our template */
1725 if (!TEST_ptr(tkey
= EVP_PKEY_new())
1726 || !TEST_true(EVP_PKEY_set_type(tkey
, EVP_PKEY_RSA
))
1727 || !TEST_ptr(ctx
= EVP_PKEY_CTX_new(tkey
, NULL
)))
1732 if (!TEST_int_gt(EVP_PKEY_keygen_init(ctx
), 0)
1733 || !TEST_int_gt(EVP_PKEY_keygen(ctx
, &pkey
), 0))
1738 EVP_PKEY_CTX_free(ctx
);
1739 EVP_PKEY_free(pkey
);
1740 EVP_PKEY_free(tkey
);
1745 * Test that we fail if we attempt to use an algorithm that is not available
1746 * in the current library context (unless we are using an algorithm that should
1747 * be made available via legacy codepaths).
1749 static int test_pkey_ctx_fail_without_provider(int tst
)
1751 OPENSSL_CTX
*tmpctx
= OPENSSL_CTX_new();
1752 OSSL_PROVIDER
*nullprov
= NULL
;
1753 EVP_PKEY_CTX
*pctx
= NULL
;
1756 if (!TEST_ptr(tmpctx
))
1759 nullprov
= OSSL_PROVIDER_load(tmpctx
, "null");
1760 if (!TEST_ptr(nullprov
))
1763 pctx
= EVP_PKEY_CTX_new_from_name(tmpctx
, tst
== 0 ? "RSA" : "HMAC", "");
1765 /* RSA is not available via any provider so we expect this to fail */
1766 if (tst
== 0 && !TEST_ptr_null(pctx
))
1770 * HMAC is always available because it is implemented via legacy codepaths
1771 * and not in a provider at all. We expect this to pass.
1773 if (tst
== 1 && !TEST_ptr(pctx
))
1779 EVP_PKEY_CTX_free(pctx
);
1780 OSSL_PROVIDER_unload(nullprov
);
1781 OPENSSL_CTX_free(tmpctx
);
1785 static int test_rand_agglomeration(void)
1789 OSSL_PARAM params
[3], *p
= params
;
1791 unsigned int step
= 7;
1792 static unsigned char seed
[] = "It does not matter how slowly you go "
1793 "as long as you do not stop.";
1794 unsigned char out
[sizeof(seed
)];
1796 if (!TEST_int_ne(sizeof(seed
) % step
, 0)
1797 || !TEST_ptr(rand
= EVP_RAND_fetch(NULL
, "TEST-RAND", NULL
)))
1799 ctx
= EVP_RAND_CTX_new(rand
, NULL
);
1800 EVP_RAND_free(rand
);
1804 memset(out
, 0, sizeof(out
));
1805 *p
++ = OSSL_PARAM_construct_octet_string(OSSL_RAND_PARAM_TEST_ENTROPY
,
1806 seed
, sizeof(seed
));
1807 *p
++ = OSSL_PARAM_construct_uint(OSSL_DRBG_PARAM_MAX_REQUEST
, &step
);
1808 *p
= OSSL_PARAM_construct_end();
1809 res
= TEST_true(EVP_RAND_set_ctx_params(ctx
, params
))
1810 && TEST_true(EVP_RAND_generate(ctx
, out
, sizeof(out
), 0, 1, NULL
, 0))
1811 && TEST_mem_eq(seed
, sizeof(seed
), out
, sizeof(out
));
1812 EVP_RAND_CTX_free(ctx
);
1817 * Test that we correctly return the original or "running" IV after
1818 * an encryption operation.
1819 * Run multiple times for some different relevant algorithms/modes.
1821 static int test_evp_iv(int idx
)
1824 EVP_CIPHER_CTX
*ctx
= NULL
;
1825 unsigned char key
[16] = {0x4c, 0x43, 0xdb, 0xdd, 0x42, 0x73, 0x47, 0xd1,
1826 0xe5, 0x62, 0x7d, 0xcd, 0x4d, 0x76, 0x4d, 0x57};
1827 unsigned char init_iv
[EVP_MAX_IV_LENGTH
] =
1828 {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98, 0x82,
1829 0x5a, 0x55, 0x91, 0x81, 0x42, 0xa8, 0x89, 0x34};
1830 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8,
1831 9, 10, 11, 12, 13, 14, 15, 16 };
1832 unsigned char ciphertext
[32], oiv
[16], iv
[16];
1833 unsigned char *ref_iv
;
1834 unsigned char cbc_state
[16] = {0x10, 0x2f, 0x05, 0xcc, 0xc2, 0x55, 0x72, 0xb9,
1835 0x88, 0xe6, 0x4a, 0x17, 0x10, 0x74, 0x22, 0x5e};
1837 unsigned char ofb_state
[16] = {0x76, 0xe6, 0x66, 0x61, 0xd0, 0x8a, 0xe4, 0x64,
1838 0xdd, 0x66, 0xbf, 0x00, 0xf0, 0xe3, 0x6f, 0xfd};
1839 unsigned char gcm_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
1840 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
1841 unsigned char ccm_state
[7] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b, 0x98};
1842 #ifndef OPENSSL_NO_OCB
1843 unsigned char ocb_state
[12] = {0x57, 0x71, 0x7d, 0xad, 0xdb, 0x9b,
1844 0x98, 0x82, 0x5a, 0x55, 0x91, 0x81};
1846 int len
= sizeof(ciphertext
);
1847 size_t ivlen
, ref_len
;
1848 const EVP_CIPHER
*type
= NULL
;
1852 type
= EVP_aes_128_cbc();
1855 type
= (type
!= NULL
) ? type
:
1856 EVP_CIPHER_fetch(testctx
, "aes-128-cbc", NULL
);
1858 ref_len
= sizeof(cbc_state
);
1861 type
= EVP_aes_128_ofb();
1864 type
= (type
!= NULL
) ? type
:
1865 EVP_CIPHER_fetch(testctx
, "aes-128-ofb", NULL
);
1867 ref_len
= sizeof(ofb_state
);
1870 type
= EVP_aes_128_gcm();
1873 type
= (type
!= NULL
) ? type
:
1874 EVP_CIPHER_fetch(testctx
, "aes-128-gcm", NULL
);
1876 ref_len
= sizeof(gcm_state
);
1879 type
= EVP_aes_128_ccm();
1882 type
= (type
!= NULL
) ? type
:
1883 EVP_CIPHER_fetch(testctx
, "aes-128-ccm", NULL
);
1885 ref_len
= sizeof(ccm_state
);
1887 #ifdef OPENSSL_NO_OCB
1893 type
= EVP_aes_128_ocb();
1896 type
= (type
!= NULL
) ? type
:
1897 EVP_CIPHER_fetch(testctx
, "aes-128-ocb", NULL
);
1899 ref_len
= sizeof(ocb_state
);
1907 || !TEST_ptr((ctx
= EVP_CIPHER_CTX_new()))
1908 || !TEST_true(EVP_EncryptInit_ex(ctx
, type
, NULL
, key
, init_iv
))
1909 || !TEST_true(EVP_EncryptUpdate(ctx
, ciphertext
, &len
, msg
,
1911 || !TEST_true(EVP_CIPHER_CTX_get_iv(ctx
, oiv
, sizeof(oiv
)))
1912 || !TEST_true(EVP_CIPHER_CTX_get_iv_state(ctx
, iv
, sizeof(iv
)))
1913 || !TEST_true(EVP_EncryptFinal_ex(ctx
, ciphertext
, &len
)))
1915 ivlen
= EVP_CIPHER_CTX_iv_length(ctx
);
1916 if (!TEST_mem_eq(init_iv
, ivlen
, oiv
, ivlen
)
1917 || !TEST_mem_eq(ref_iv
, ref_len
, iv
, ivlen
))
1922 EVP_CIPHER_CTX_free(ctx
);
1924 EVP_CIPHER_free((EVP_CIPHER
*)type
);
1928 int setup_tests(void)
1930 testctx
= OPENSSL_CTX_new();
1932 if (!TEST_ptr(testctx
))
1935 ADD_TEST(test_EVP_set_default_properties
);
1936 ADD_ALL_TESTS(test_EVP_DigestSignInit
, 9);
1937 ADD_TEST(test_EVP_DigestVerifyInit
);
1938 ADD_TEST(test_EVP_Enveloped
);
1939 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
1940 ADD_TEST(test_privatekey_to_pkcs8
);
1941 #ifndef OPENSSL_NO_EC
1942 ADD_TEST(test_EVP_PKCS82PKEY
);
1944 #if !defined(OPENSSL_NO_SM2) && !defined(FIPS_MODULE)
1945 ADD_TEST(test_EVP_SM2
);
1946 ADD_TEST(test_EVP_SM2_verify
);
1948 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
1949 #ifndef OPENSSL_NO_DEPRECATED_3_0
1950 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
1951 if (!TEST_ptr(custom_pmeth
))
1953 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
1954 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
1955 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
1956 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
1959 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
1960 #ifndef OPENSSL_NO_CMAC
1961 ADD_TEST(test_CMAC_keygen
);
1963 ADD_TEST(test_HKDF
);
1964 ADD_TEST(test_emptyikm_HKDF
);
1965 #ifndef OPENSSL_NO_EC
1966 ADD_TEST(test_X509_PUBKEY_inplace
);
1967 ADD_ALL_TESTS(test_invalide_ec_char2_pub_range_decode
,
1968 OSSL_NELEM(ec_der_pub_keys
));
1970 #ifndef OPENSSL_NO_DSA
1971 ADD_TEST(test_DSA_get_set_params
);
1973 ADD_TEST(test_RSA_get_set_params
);
1974 #if !defined(OPENSSL_NO_CHACHA) && !defined(OPENSSL_NO_POLY1305)
1975 ADD_TEST(test_decrypt_null_chunks
);
1977 #ifndef OPENSSL_NO_DH
1978 ADD_TEST(test_EVP_PKEY_set1_DH
);
1980 ADD_ALL_TESTS(test_keygen_with_empty_template
, 2);
1981 ADD_ALL_TESTS(test_pkey_ctx_fail_without_provider
, 2);
1983 ADD_TEST(test_rand_agglomeration
);
1984 ADD_ALL_TESTS(test_evp_iv
, 10);
1989 void cleanup_tests(void)
1991 OPENSSL_CTX_free(testctx
);